ZLab team detected two new threats hosted on a looking-good website www[.]6th-sense[.]eu. Both malware looks like a legitimate app that users have to install in order to access the media file hosted on the website.
The malicious website (www[.]6th-sense[.]eu), hosts 2 different malware samples:
Both malware act as spyware, in particular, “Firefox.exe” seems to act as a bot, because it waits for specific commands from a C&C.
Analyzing the TCP stream, we can see the communication session performed by malware with the C&C:
The C2C acknowledges the result sending the number Zero to the bot, probably this value indicates that there are no commands to execute on the host.
Both Malware would seem to belong to the malware family Bladabindi.
Bladabindi is a Trojan malware that steals confidential information from the compromised computer. Hackers also use it as a Malware downloader to deliver and execute other malware. With this malware, cybercriminals could steal
You can download the full ZLAB Malware Analysis Report at the following URL:
(Security Affairs – Bladabindi malware, data stealer)