Irregular Expressions

Jul 26 2012   10:59PM GMT

Discount Gift Certificates



Posted by: Dan O'Connor
backdoor, command and control, communication, digital forensics

Wow, really? I can’t wait to get those.

I got a fake Groupon email today with a zip attachment that had an exe inside.

First thing was to get it copied onto my VM system (and hope it does not do something silly while running in a VM).
Then get a few of my favorite utils fired up. For this I am going to just start with CaptureBAT and see what happens, then go from there.

We are off to a good start, it did run. It went off as a running process of the same name. Here are some other things it did:
- Dropped a file to “Documents and Settings\All Users\svchost.exe”
- Created a persistent method of launching, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched: “C:\Documents and Settings\All Users\svchost.exe”
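Those two observations (a file named after a system binary dropped into the All Users profile, and a Run key value dressed up as a Java updater pointing at it) are the kind of thing worth flagging automatically when triaging a registry export or CaptureBAT log. The following is an added example, not code from the post or from CaptureBAT: it scores Run-key entries against three simple heuristics taken from the behaviour above. The sample entries, the trusted-directory list and the heuristics themselves are constructed for illustration.

```python
"""Flag Run-key entries that resemble the persistence seen in this post.

Added example, not part of the original post. It works on a constructed
list of autorun entries (what a registry export or CaptureBAT log would
give you) rather than the live registry, so it runs on any platform.
"""
from pathlib import PureWindowsPath

# Where a genuine svchost.exe lives on an XP/2003-era system (the
# "Documents and Settings" layout used in the post). Constructed list.
TRUSTED_SVCHOST_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}

# Shared profile directories that user-mode malware commonly drops into.
SUSPICIOUS_DROP_DIRS = (
    r"c:\documents and settings\all users",
    r"c:\users\public",
)

# Constructed sample: the first entry mirrors the post's observation,
# the other two are benign entries added for contrast.
RUN_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_RUN_ENTRIES = [
    {"key": RUN_KEY, "name": "SunJavaUpdateSched",
     "command": r'"C:\Documents and Settings\All Users\svchost.exe"'},
    {"key": RUN_KEY, "name": "SunJavaUpdateSched",
     "command": r'"C:\Program Files\Java\jre6\bin\jusched.exe"'},
    {"key": RUN_KEY, "name": "ctfmon",
     "command": r"C:\WINDOWS\system32\ctfmon.exe"},
]


def _exe_path(command: str) -> PureWindowsPath:
    """Pull the executable path out of a Run-key command string.

    Handles a quoted path followed by arguments as well as a bare path.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end != -1 else command[1:]
    else:
        exe = command.split(" ", 1)[0]
    return PureWindowsPath(exe)


def suspicious_autorun(entry: dict) -> list:
    """Return the reasons an autorun entry looks suspicious (empty if none)."""
    exe = _exe_path(entry["command"])
    parent = str(exe.parent).lower()
    reasons = []
    # 1. A system-binary name living outside the system directories.
    if exe.name.lower() == "svchost.exe" and parent not in TRUSTED_SVCHOST_DIRS:
        reasons.append(f"svchost.exe outside System32: {exe}")
    # 2. Anything launched from a shared profile directory.
    if any(parent.startswith(d) for d in SUSPICIOUS_DROP_DIRS):
        reasons.append(f"autorun from shared profile directory: {exe}")
    # 3. Value name claims to be a Java updater but the path is not under Java.
    if "java" in entry["name"].lower() and "java" not in parent:
        reasons.append(f"value name {entry['name']!r} does not match path {exe}")
    return reasons


def scan(entries: list) -> list:
    """Return (command, reasons) for every entry with at least one hit."""
    hits = []
    for entry in entries:
        reasons = suspicious_autorun(entry)
        if reasons:
            hits.append((entry["command"], reasons))
    return hits


if __name__ == "__main__":
    for command, reasons in scan(SAMPLE_RUN_ENTRIES):
        print(command)
        for reason in reasons:
            print("  -", reason)
```

Only the first entry trips the checks, and it trips all three; the legitimate `jusched.exe` under Program Files\Java and `ctfmon.exe` in System32 pass cleanly. Feeding this a full export of the HKLM and HKCU Run keys from the VM is a quick way to separate what the sample added from what was already there.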

What I have not seen yet is it making a network connection out.
Yet anyway.
