Zbot.F_2 is a Trojan horse that attempts to steal confidential banking information from the compromised computer. It may also download configuration files and updates from the Internet. It is spread mainly through drive-by downloads and phishing schemes. Zbot is also called as Zeus.
File Related Changes
It drops the following file(s) on the system:
- "c:\ProgramData\msdpcmza.exe"
Process Related Changes
It creates the following process(es): - C:\Windows\system32\msiexec.exe
Network Activity
We observed the following DNS query/queries:
It attempts to connect to the following remote servers: - update.microsoft.com.nsatc.net:80 (65.55.1xxxxxx)
- 62.76.xxxxxx:80
|
