The zEus stealer creates folders under C:\ProgramData to store stolen data and its malicious script files. It then uses command-line utilities and PowerShell to collect hardware and system information and saves the results in a HARDWARE folder: currently running processes, OS version, product key, hardware ID, system configuration, installed programs, and Wi-Fi passwords.
Disclaimer: This article is part of the X-Force OSINT Advisories automated collection to enable faster integration of open-source articles into client environments. All credit and copyright go to the original authors.
Sample Indicators of Compromise:
SHA-256: 9d3409852348caa65d28e674008dd6bb986eed4fb507957c7a8b73a41e00be70
SHA-256: 03983b56d8b1a6cc43109f6cd67a13666367595a2ea07766127cb1fe4d4bb1a5
URL: https://discord.com/api/webhooks/1212818346157015070/2v0xe2vrxFGv658a2f6d5f6cf7d1a7534454e3c3007337b71d7da470e86f7636eb02d68b2db8cc51ede75315d858209f9aa60d791c097c18d38f44b9d050b555ff1f4de0ae672d
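The following triage helper is an added example, not code from X-Force or from the original authors. It turns the behaviours described above (staging folders under C:\ProgramData, a HARDWARE folder written by cmd or PowerShell, script files dropped there) and the two sample hashes and webhook id from the IoC list into simple matching rules, and runs them over constructed endpoint telemetry records. The event field names (type, image, path, sha256, url), the folder name zeus_stage and the sample records are assumptions made for the example, not a real EDR schema or real logs.

```python
r"""Triage helper for the zEus stealer behaviours described in the advisory.

Added example (not the advisory's or the original authors' code). Event
shape and field names are assumed; sample records are constructed.
"""
import re
from urllib.parse import urlsplit

# SHA-256 hashes taken from the advisory's IoC list (compared lower-cased).
KNOWN_SHA256 = {
    "9d3409852348caa65d28e674008dd6bb986eed4fb507957c7a8b73a41e00be70",
    "03983b56d8b1a6cc43109f6cd67a13666367595a2ea07766127cb1fe4d4bb1a5",
}
# Webhook id from the advisory's IoC URL; the token is not needed to match.
KNOWN_WEBHOOK_IDS = {"1212818346157015070"}

# Staging layout stated in the advisory: C:\ProgramData\<dir>\HARDWARE\...
HARDWARE_DIR_RE = re.compile(
    r"^[A-Za-z]:\\ProgramData\\[^\\]+\\HARDWARE(\\|$)", re.IGNORECASE)
PROGRAMDATA_RE = re.compile(r"^[A-Za-z]:\\ProgramData\\", re.IGNORECASE)
# Collector processes named in the advisory (command-line utilities, PowerShell).
COLLECTOR_PROCS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
WEBHOOK_PATH_RE = re.compile(r"^/api/webhooks/(\d+)/")


def triage_event(event: dict) -> list[str]:
    """Return the advisory behaviours an event matches (empty list = none)."""
    hits = []
    kind = event.get("type")
    image = (event.get("image") or "").rsplit("\\", 1)[-1].lower()

    if kind == "process":
        if (event.get("sha256") or "").lower() in KNOWN_SHA256:
            hits.append("known_sample_hash")
    elif kind == "file":
        path = event.get("path") or ""
        if HARDWARE_DIR_RE.match(path) and image in COLLECTOR_PROCS:
            hits.append("hardware_collection_write")
        elif PROGRAMDATA_RE.match(path) and path.lower().endswith((".ps1", ".bat", ".cmd")):
            hits.append("script_dropped_in_programdata")
    elif kind == "network":
        url = urlsplit(event.get("url") or "")
        m = WEBHOOK_PATH_RE.match(url.path)
        if url.hostname in {"discord.com", "discordapp.com"} and m:
            hits.append("discord_webhook_post")
            if m.group(1) in KNOWN_WEBHOOK_IDS:
                hits.append("known_webhook_id")
    return hits


# Constructed sample telemetry; the folder name zeus_stage is hypothetical.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\u\Downloads\setup.exe",
     "sha256": "9D3409852348CAA65D28E674008DD6BB986EED4FB507957C7A8B73A41E00BE70"},
    {"type": "file", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "path": r"C:\ProgramData\zeus_stage\HARDWARE\wifi.txt"},
    {"type": "file", "image": r"C:\Windows\System32\cmd.exe",
     "path": r"C:\ProgramData\zeus_stage\collect.ps1"},
    {"type": "network", "image": r"C:\Users\u\Downloads\setup.exe",
     "url": "https://discord.com/api/webhooks/1212818346157015070/redacted-token"},
    {"type": "file", "image": r"C:\Program Files\App\app.exe",
     "path": r"C:\ProgramData\App\cache.db"},  # benign ProgramData write
]


def triage_all(events=SAMPLE_EVENTS) -> dict:
    """Map event index to its hits, keeping only events that matched a rule."""
    return {i: h for i, e in enumerate(events) if (h := triage_event(e))}


if __name__ == "__main__":
    for i, hits in triage_all().items():
        print(i, SAMPLE_EVENTS[i]["type"], ", ".join(hits))
```

The hash and webhook-id rules are exact-match indicators and will only catch this sample; the HARDWARE-folder and ProgramData script rules are behavioural and are the ones worth keeping after the indicators rotate, at the cost of tuning out legitimate software that writes scripts under ProgramData.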