The ZLab team detected two new threats hosted on a legitimate-looking website, www[.]6th-sense[.]eu. Both malware samples pose as a legitimate app that users must install in order to access the media files hosted on the website.
The malicious website (www[.]6th-sense[.]eu) hosts two different malware samples:
Both samples act as spyware; in particular, “Firefox.exe” appears to act as a bot, since it waits for specific commands from a C&C server.
Analyzing the TCP stream, we can see the communication session between the malware and the C&C:
The C&C acknowledges the result by sending the number zero to the bot; this value probably indicates that there are no commands to execute on the host.
Both samples appear to belong to the Bladabindi malware family.
Bladabindi is a Trojan that steals confidential information from the compromised computer. Attackers also use it as a malware downloader to deliver and execute other malware. With this malware, cybercriminals could steal
You can download the full ZLAB Malware Analysis Report at the following URL:
http://csecybsec.com/download/zlab/20171221_CSE_Bladabindi_Report.pdf
(Security Affairs – Bladabindi malware, data stealer)