We are able to collect several samples of Zeus bot and there are many variants of the same.
However when we try to analyse it in our sandbox and closed environment, we are not able to get any activity.
There are several reports available, which are for same md5sum sample but still after much of analysis and triggering attempts, either the malicious sample dosnt trigger or if it does, it doesn't show any network activity.
What could be the reason? Where is the catch?? We have referred Zeus tracker sites (https://zeustracker.abuse.ch/blocklist.php), threatExpert reports but precisely what kind of analysis should be done and what environment created to analyse these setups.
We found that Vmware/Virtual setups may have been getting detected, but what abt a live sandbox environment. Why is the malicious exe not triggering there?? Where are we missing?
Anyone having pointers, suggestions...please suggest.
Thanks a lot,
We are able to collect several samples of Zeus bot and there are many variants of the same.
However when we try to analyse it in our sandbox and closed environment, we are not able to get any activity.
There are several reports available, which are for same md5sum sample but still after much of analysis and triggering attempts, either the malicious sample dosnt trigger or if it does, it doesn't show any network activity.
What could be the reason? Where is the catch?? We have referred Zeus tracker sites (https://zeustracker.abuse.ch/blocklist.php), threatExpert reports but precisely what kind of analysis should be done and what environment created to analyse these setups.
We found that Vmware/Virtual setups may have been getting detected, but what abt a live sandbox environment. Why is the malicious exe not triggering there?? Where are we missing?
Anyone having pointers, suggestions...please suggest.
Thanks a lot,
Regards,
Mayank,
India
[ reply ]