Opened 4 months ago
#13108 new Bug report
Filezilla Instalation Bugs Detected as Malicious
Reported by: | Franklin Volquez | Owned by: | |
---|---|---|---|
Priority: | critical | Component: | FileZilla Client |
Keywords: | Malicious Activity by IOC Match | Cc: | |
Component version: | All Installation | Operating system type: | Windows |
Operating system version: | Windows 11 |
Description
Filezilla Instalation is detected as Malicious Code for 3 difrent XDR productos, including Microsoft, SOPHOS, MCAfee and others, by IoC match with for the type of instalation: We created a test in a sanbox at any.run
download.filezilla-project.org
MD5
069670c93f460ab45bb9ec089dd508d7
SHA1
0b039e37ff8dcb2c00cda4bdd775cb80c1601d6b
SHA256
e324510081ea2b0b9e63520874983e3eb2ee1055fc2b00b41093ff1480d5f934
Any.Run URL https://app.any.run/tasks/e89f12a8-a7dd-45d9-807d-a5fa03e09d49
Any.Run Analisys
The task involved the execution of Windows Media Player and FileZilla software, including the installation and uninstallation processes of FileZilla FTP Client. The process tree shows the flow of execution from the Windows Media Player configuration to the installation and subsequent uninstallation of FileZilla software. Additionally, the modified files and registry changes provide insights into the changes made to the system during these processes.
One of the most interesting points in this task is the creation of multiple temporary files with .dll extensions in the user's temporary folder during the installation of FileZilla. This behavior is commonly seen in malware to hide malicious activities within legitimate-looking files. Furthermore, the registry changes made to enable error reporting for various FileZilla components could indicate potential vulnerabilities or issues within the software that could be exploited by an attacker. The installation and subsequent uninstallation of FileZilla software in a short timeframe could also be a red flag for suspicious activity.
In conclusion, the task involved the installation and uninstallation of FileZilla FTP Client software, with various modifications to files and registry settings. The creation of multiple .dll files in the temporary folder during the installation process, along with the registry changes for error reporting, raises concerns about potential malicious activities or vulnerabilities. Malware analysts should further investigate the behavior of these files and registry changes to determine if any malicious activities were involved in this task.
Attachments (1)
Change History (1)
by , 4 months ago
Attachment: | Filezilla Instalation Bug Detected as Malicious.pdf added |
---|