W32/Feebs.Z!worm
Analysis
W32/Feebs.Z!worm - 06-10-10
More Info:
- C:\recycled\userinit.exe
- key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}
  - value: Stubpath
  - data: C:\recycled\userinit.exe
- key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
  - value: mal
  - data: [EMAIL ADDRESS OF victim]
- key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
  - value: web
  - data: 68 74 74 70 3A 2F 2F 70 6F 70 63 61 70 66 72 65 65 2E 74 33 35 2E 63 6F 6D 2F 00
- Email format:
  - Body: ID: [RANDOM #s] Password: [RANDOM characters] [random footer/signature]
  - Attachments: one of the following:
    - msg.zip
    - message.zip
    - data.zip
    - mail.zip
Detection Availability
Product | Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |