Showing posts with label qbot. Show all posts
Showing posts with label qbot. Show all posts

Thursday, April 29, 2021

Threat Library - Qakbot / Qbot

Qakbot / Qbot

 date: 4/15/2021

delivery: email [Link to Zip w/ XLSM inside , "Docusign logo themed", links ( บางสะพาน[.]com/hGQC4/catalogue-93.zip , xn--72c0bbr3dtble[.]com/hGQC4/catalogue-93.zip )

persistence: unknown

capabilities (per memory strings): unknown

c2s: 

rosenbaum-milan15y[.]ru[.]com/body.html

boehm-kavon15lc[.]ru[.]com/body.html

identification method: twitter replies

special notes: url was unicode/punycode

samples: 

XLSM - https://www.joesandbox.com/analysis/387819/0/html

links: 

https://twitter.com/neonprimetime/status/1382743458494902274

screenshots: 












---------------------------------------------------

Posted by at 4 comments:
Labels: , , ,
Subscribe to: Posts (Atom)