2019-09-06 - QAKBOT INFECTION FROM MALSPAM
ASSOCIATED FILES:
- 2019-09-06-Qakbot-infection-traffic.pcap.zip 12.3 MB (12,288,013 bytes)
- 2019-09-06-Qakbot-malware.zip 2.5 MB (2,510,945 bytes)
NOTES:
- This activity was reported by @dvk01uk on 2019-09-06 in a blog post titled "Fake west-telecom.com Update Notice delivers Qbot backdoor".
- Zip archives are password-protected with the standard password. If you don't know it, see the "about" page of this website.
IMAGES
Shown above: Downloading a malicious zip archive from link in the malspam.
Shown above: VBS file contained in the malicious zip archive.
Shown above: Traffic from the infection filtered in Wireshark.
Shown above: SMTP traffic noted in the infection traffic.
Shown above: Malware noted in the infected user's AppData\Local\Temp directory.
Shown above: Qakbot persistent on the infected Windows host.