2019-09-06 - QAKBOT INFECTION FROM MALSPAM

ASSOCIATED FILES:

• 2019-09-06-Qakbot-infection-traffic.pcap.zip   12.3 MB (12,288,013 bytes)
• 2019-09-06-Qakbot-malware.zip   2.5 MB (2,510,945 bytes)

NOTES:

• This activity was reported by @dvk01uk on 2019-09-06 in a blog titled: Fake west-telecom.com Update Notice delivers Qbot backdoor
• Zip archives are password-protected with the standard password.  If you don't know it, see the "about" page of this website.

 

IMAGES

Shown above:  Downloading a malicious zip archive from link in the malspam.

 

Shown above:  VBS file contained in the malicious zip archive.

 

Shown above:  Traffic from the infection filtered in Wireshark.

 

Shown above:  SMTP traffic noted in the infection traffic.

 

Shown above:  Malware noted in the infected user's AppData\Local\Temp directory.

 

Shown above:  Qakbot persistent on the infected Windows host.

 

Click here to return to the main page.