cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jabii
Level 7
Report Inappropriate Content
Message 1 of 12
‎03-09-2017 02:23 PM

New Zbot samples sent. No answered got yet.

Jump to solution

Hello,

Monday - 06.03.2017 i have sent to Virus_Research@avertlabs.com using my corporate email, 5 samples of an undetected version of Zbot malware - (at least this was the answer from our ATD machine).

Could someone tell me what is the status? Can i have an extradat file for them?

Analysis ID: 10310609

Analysis ID: 10310608

Analysis ID: 10310606

Analysis ID: 10310575

PS: i found those samples only after i made a query for Threat event --> prevention of using the port 25. Those malware will inject their process in svchost.exe: C:\WINDOWS\SYSWOW64\SVCHOST.EXE .

Startup type/mode: HKCU\SOFT WARE\Microsof t\Windows\CurrentVersion\Run\MSConfig "C:\Users\Administrator\xbswyfjt.exe" REG_SZ ..... (ATD returned this information)

Process Created

Process Name Module

"c:\users\administrator\appdata\local\temp\0506.bat"

"c:\users\administrator\xbswyf jt.exe"

0 Kudos
Reply
1 Solution

Accepted Solutions
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 12
‎03-14-2017 01:58 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

I just received this correspondence from the Engineer working on your submission. Please provide the Analysis ID # s here. And shoot the 2 other hashes to me in a Direct Message.

Cliff,

If you have the Hashes it would be great as I’ve just finished adding detection for the other 4 files.

Regards,

  Charles Crofford


Threat Intelligence Anti-Malware Security Researcher /
JTI Content Development


McAfee Labs

Cliff
McAfee Volunteer

View solution in original post

0 Kudos
Reply
11 Replies
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 12
‎03-09-2017 02:38 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

​,

               While I am from Consumer Products, I work closely with the Technicians/Engineers from McAfee Labs. I can personally escalate your submissions on your behalf, since you have provided the Analysis ID #'S. I will do so through the Ask Malware Response Portal. It will be placed in their Queue.

               Your Escalated Ticket Number is as follows Ticket #: AM000855 - Corporate Product Submissions (Unanswered )

Cliff

Moderator

Consumer Products

Cliff
McAfee Volunteer
0 Kudos
Reply
jabii
Level 7
Report Inappropriate Content
Message 3 of 12
‎03-09-2017 03:04 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

Thank you Catdaddy. I'll wait for an answer.

By the way can i verify myself the resolution of this Ticket #: AM000855 somewhere? Do you have an URL for me?

0 Kudos
Reply
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 12
‎03-09-2017 03:08 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

It is a Service Portal for Malware Detections which you have to be authorized to send to. I will apprise you immediately upon any correspondence I receive back. Normally it is in short order. I have followed you, and will Private message you.

Direct Message sent...

Cliff
McAfee Volunteer
0 Kudos
Reply
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 5 of 12
‎03-10-2017 11:49 AM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

As Promised, I just received this correspondence from one of the Lab Technicians.

Hi Cliff,

I have escalated this ticket to the Threat Intelligence team to take a look at the sample provided by the customer. I will notify the team this morning of this ticket in our morning meeting.


Thank you!

Danielle

Cliff
McAfee Volunteer
0 Kudos
Reply
jabii
Level 7
Report Inappropriate Content
Message 6 of 12
‎03-11-2017 12:55 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

Thank you Catdaddy for the prompt answer.

I'll wait for a resolution.

0 Kudos
Reply
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 7 of 12
‎03-11-2017 02:35 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

You are quite welcome. Normally the Labs handle submissions in 2-3 days or less. They of course could be inundated, luckily Danielle is on the case

Cliff
McAfee Volunteer
0 Kudos
Reply
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 8 of 12
‎03-14-2017 01:06 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

I just received this back from the labs,after following up with them;

Hi Cliff,

We do have an a TI engineer working on the case now and it is assigned to him. It is currently in progress. As soon you get the IDs for the other two samples let us know.


Thank you Cliff for the update!

Danielle Clarke

Please provide us the additional Analysis id #'s

Cliff
McAfee Volunteer
0 Kudos
Reply
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 12
‎03-14-2017 01:58 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

I just received this correspondence from the Engineer working on your submission. Please provide the Analysis ID # s here. And shoot the 2 other hashes to me in a Direct Message.

Cliff,

If you have the Hashes it would be great as I’ve just finished adding detection for the other 4 files.

Regards,

  Charles Crofford


Threat Intelligence Anti-Malware Security Researcher /
JTI Content Development


McAfee Labs

Cliff
McAfee Volunteer

View solution in original post

0 Kudos
Reply
catdaddy
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 10 of 12
‎03-14-2017 02:32 PM

Re: New Zbot samples sent. No answered got yet.

Jump to solution

Kindly apprise us when you get all of your Dats for the detections you submitted. This way we can consider this Discussion/Thread resolved.

Thanks

Cliff

Cliff
McAfee Volunteer
0 Kudos
Reply

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC