Hello,
Monday - 06.03.2017 I sent to Virus_Research@avertlabs.com, using my corporate email, 5 samples of an undetected version of Zbot malware (at least this was the answer from our ATD machine).
Could someone tell me what the status is? Can I have an extra.dat file for them?
Analysis ID: 10310609
Analysis ID: 10310608
Analysis ID: 10310606
Analysis ID: 10310575
PS: I found those samples only after I made a query for Threat event --> prevention of using port 25. This malware will inject its process into svchost.exe: C:\WINDOWS\SYSWOW64\SVCHOST.EXE.
Startup type/mode: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSConfig "C:\Users\Administrator\xbswyfjt.exe" REG_SZ ..... (ATD returned this information)
Process Created
Process Name / Module:
"c:\users\administrator\appdata\local\temp\0506.bat"
"c:\users\administrator\xbswyfjt.exe"
I just received this correspondence from the Engineer working on your submission. Please provide the Analysis ID #s here, and send the 2 other hashes to me in a Direct Message.
Cliff,
If you have the Hashes it would be great as I’ve just finished adding detection for the other 4 files.
Regards,
Charles Crofford
Threat Intelligence Anti-Malware Security Researcher /
JTI Content Development
McAfee Labs
While I am from Consumer Products, I work closely with the Technicians/Engineers from McAfee Labs. I can personally escalate your submissions on your behalf, since you have provided the Analysis ID #s. I will do so through the Ask Malware Response Portal. It will be placed in their queue.
Your Escalated Ticket Number is as follows: Ticket #: AM000855 - Corporate Product Submissions (Unanswered)
Cliff
Moderator
Consumer Products
Thank you Catdaddy. I'll wait for an answer.
By the way, can I verify the resolution of this Ticket #: AM000855 myself somewhere? Do you have a URL for me?
It is a Service Portal for Malware Detections which you have to be authorized to send to. I will apprise you immediately upon any correspondence I receive back. Normally it is in short order. I have followed you and will private message you.
Direct Message sent...
As Promised, I just received this correspondence from one of the Lab Technicians.
Hi Cliff,
I have escalated this ticket to the Threat Intelligence team to take a look at the sample provided by the customer. I will notify the team this morning of this ticket in our morning meeting.
Thank you!
Danielle
Thank you Catdaddy for the prompt answer.
I'll wait for a resolution.
You are quite welcome. Normally the Labs handle submissions in 2-3 days or less. They of course could be inundated; luckily Danielle is on the case.
I just received this back from the Labs, after following up with them:
We do have a TI engineer working on the case now and it is assigned to him. It is currently in progress. As soon as you get the IDs for the other two samples, let us know.
Thank you Cliff for the update!
Danielle Clarke
Please provide us the additional Analysis ID #s.
Kindly apprise us when you get all of your DATs for the detections you submitted. This way we can consider this Discussion/Thread resolved.
Thanks
Cliff