11 Replies. Latest reply on Mar 18, 2017 1:15 AM by catdaddy

    New Zbot samples sent. No answer received yet.

    jabii

      Hello,

       

      On Monday, 06.03.2017, I sent to Virus_Research@avertlabs.com, using my corporate email, 5 samples of an undetected version of Zbot malware (at least this was the answer from our ATD machine).

      Could someone tell me what the status is? Can I have an Extra.DAT file for them?

       

      Analysis ID: 10310609

      Analysis ID: 10310608

      Analysis ID: 10310606

      Analysis ID: 10310575

       

      PS: I found those samples only after I made a query for Threat event --> prevention of using port 25. These malware samples inject their process into svchost.exe: C:\WINDOWS\SYSWOW64\SVCHOST.EXE.

      Startup type/mode: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSConfig "C:\Users\Administrator\xbswyfjt.exe" REG_SZ ..... (ATD returned this information)

       

      Process Created

      Process Name Module

      "c:\users\administrator\appdata\local\temp\0506.bat"

      "c:\users\administrator\xbswyfjt.exe"
