2019-09-06 - QAKBOT INFECTION FROM MALSPAM
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- 2019-09-06-Qakbot-infection-traffic.pcap.zip 12.3 MB (12,288,013 bytes)
- 2019-09-06-Qakbot-malware.zip 2.5 MB (2,511,333 bytes)
NOTES:
- This activity was reported by @dvk01uk on 2019-09-06 in a blog post titled "Fake West-telecom.com Update Notice Delivers Qbot Backdoor".
IMAGES
Shown above: Downloading a malicious zip archive from link in the malspam.
Shown above: VBS file contained in the malicious zip archive.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: SMTP traffic noted in the infection traffic.
Shown above: Malware noted in the infected user's AppData\Local\Temp directory.
Shown above: Qakbot persistent on the infected Windows host.