2019-09-06 - QAKBOT INFECTION FROM MALSPAM

ASSOCIATED FILES:

NOTES:

 

IMAGES


Shown above:  Downloading a malicious zip archive from a link in the malspam.

 


Shown above:  VBS file contained in the malicious zip archive.

 


Shown above:  Traffic from the infection filtered in Wireshark.

 


Shown above:  SMTP traffic noted in the infection traffic.

 


Shown above:  Malware noted in the infected user's AppData\Local\Temp directory.

 


Shown above:  Qakbot persistent on the infected Windows host.

 
