Qakbot Dropper Analysis
Vložit
- čas přidán 21. 08. 2024
- In this video we analyze the Qakbot Malware Dropper. The file that starts the infection is an HTML File, the flow is as follows:
- html drops .zip via html smuggling.
- zip contains iso file.
- iso contains .lnk.
- Lnk file launches calc.exe,
- calc.exe sideloads windowscodecs.dll
- windowscodecs.dll executes the malicious payload dll (102755.dll).
Malware Sample: hxxps[://]bazaar[.]abuse[.]ch/sample/f5c16248418a4f1fd8dff438b26b8da7f587b77db9e180a82493bae140893687/
Malware Analysis Course Link: courses.null-c...
Academy Link: ask-academy.live/
Please provide feedback in the comments.
To continue the conversation hit me up on twitter:
🐦 Twitter - / nu11charb
#malware #Qakbot #HTMLSmuggling #DLLSideLoading #reverseengineering
Great analysis as always. Looking forward for part 2 :)
Great video. I wish there was a course for beginners on how to do this. So helpful.
There is a Malware Analysis course by me on how do this. Check the description there is link for my course.
amazing as always :) thanks for uploading this, hope you are well!
keep going great explanation
Many thanks
Nice explanation. Thank you for sharing!
thank you good sir
Great video!
Thanks a lot legend 🙂
hey great explanation but i wanted to know whats the final payload dll have impact on the system? or just a sideloading
شكرآ ا تحليل جيد
Thanks for the video, great job!
You are most welcome
Thanks Bruu
Genius!!
Nice video!
Thanks Colin
Hi ahmed, how can we perform the analysis on .dat file instaed of calc.exe. New qakbot are coming .dat file inside the ISO image
Are there any chances for zuorat malware analysis Sir?