2020-01-29 - QBOT (QAKBOT) INFECTION

ASSOCIATED FILES:

  • 2020-01-29-Qbot-IOCs.txt   (3,328 bytes)
  • 2020-01-29-Qbot-infection-traffic.pcap   (53,173,810 bytes)
  • 2020-01-29-Calc.exe-copied-to-overwrite-initial-Qbot-EXE.bin   (26,112 bytes)
  • 2020-01-29-Qbot-EXE-persistent-on-infected-Windows-host.bin   (339,968 bytes)
  • 2020-01-29-VBS-file-extracted-from-downloaded-zip-archive.txt   (4,315,240 bytes)
  • 2020-01-29-initial-Qbot-EXE-retrieved-by-VBS-file.bin   (475,136 bytes)
  • 2020-01-29-registry-update-caused-by-Qbot.txt   (810 bytes)
  • 2020-01-29-zip-archive-retrieved-from-link-in-Qbot-malspam.zip   (2,184,158 bytes)

NOTES:

 

IMAGES


Shown above:  Traffic from the infection filtered in Wireshark.

 

Click here to return to the main page.