Opened 8 weeks ago

#13108 new Bug report

FileZilla Installation Bugs Detected as Malicious

Reported by: Franklin Volquez
Owned by:
Priority: critical
Component: FileZilla Client
Keywords: Malicious Activity by IOC Match
Cc:
Component version: All Installation
Operating system type: Windows
Operating system version: Windows 11

Description

FileZilla installation is detected as malicious code by 3 different XDR products, including Microsoft, SOPHOS, McAfee and others, by IoC match for the type of installation. We created a test in a sandbox at any.run
download.filezilla-project.org
MD5: 069670c93f460ab45bb9ec089dd508d7
SHA1: 0b039e37ff8dcb2c00cda4bdd775cb80c1601d6b
SHA256: e324510081ea2b0b9e63520874983e3eb2ee1055fc2b00b41093ff1480d5f934

Any.Run URL https://app.any.run/tasks/e89f12a8-a7dd-45d9-807d-a5fa03e09d49

Any.Run Analysis

The task involved the execution of Windows Media Player and FileZilla software, including the installation and uninstallation processes of FileZilla FTP Client. The process tree shows the flow of execution from the Windows Media Player configuration to the installation and subsequent uninstallation of FileZilla software. Additionally, the modified files and registry changes provide insights into the changes made to the system during these processes.

One of the most interesting points in this task is the creation of multiple temporary files with .dll extensions in the user's temporary folder during the installation of FileZilla. This behavior is commonly seen in malware to hide malicious activities within legitimate-looking files. Furthermore, the registry changes made to enable error reporting for various FileZilla components could indicate potential vulnerabilities or issues within the software that could be exploited by an attacker. The installation and subsequent uninstallation of FileZilla software in a short timeframe could also be a red flag for suspicious activity.

In conclusion, the task involved the installation and uninstallation of FileZilla FTP Client software, with various modifications to files and registry settings. The creation of multiple .dll files in the temporary folder during the installation process, along with the registry changes for error reporting, raises concerns about potential malicious activities or vulnerabilities. Malware analysts should further investigate the behavior of these files and registry changes to determine if any malicious activities were involved in this task.

Attachments (1)

Filezilla Instalation Bug Detected as Malicious.pdf (5.6 MB ) - added by Franklin Volquez 8 weeks ago.


Change History (1)
