Qakbot Dropper Analysis
In this video we analyze the Qakbot malware dropper. The file that starts the infection is an HTML file; the flow is as follows:
- The HTML file drops a .zip via HTML smuggling.
- The .zip contains an .iso file.
- The .iso contains a .lnk file.
- The .lnk file launches calc.exe.
- calc.exe sideloads windowscodecs.dll (a malicious DLL carrying the name of the legitimate Windows Imaging Component library).
- windowscodecs.dll executes the malicious payload DLL (102755.dll).
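The chain above can be triaged without touching the real sample. The script below is an added example (not the video author's code): it builds a constructed HTML-smuggling page carrying a zip with a stand-in .iso, pulls the base64 blob back out, classifies each stage by magic bytes (zip, ISO 9660, .lnk, PE), and then applies a check for the final stage, a Sysmon-style image-load record in which a DLL that belongs in a Windows system directory is loaded from somewhere else, as calc.exe does with windowscodecs.dll here. The HTML, the record, the file name `invoice.iso`, the drive letter and the function names are all assumptions made for the example.

```python
"""Triage for the chain: HTML smuggling -> .zip -> .iso -> .lnk -> calc.exe
sideloading windowscodecs.dll. Added example, not code from the video.
The HTML page and the Sysmon-style record are constructed here; neither is
the real sample."""
import base64
import io
import re
import zipfile

ISO_PVD_OFFSET = 0x8001          # ISO 9660: "CD001" at sector 16, byte 1
# .lnk header: HeaderSize 0x4C followed by the ShellLink CLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = bytes.fromhex("4c000000011402000000000000c000000000000046")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{100,}={0,2}")   # threshold is an assumption; tune for real pages
SMUGGLING_APIS = ("atob(", "new Blob(", "URL.createObjectURL(", "msSaveOrOpenBlob(", ".download=")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")
SIDELOAD_DLLS = {"windowscodecs.dll"}    # DLL names seen sideloaded; extend as needed


def build_sample_html():
    """Constructed smuggling page: a zip (holding a stand-in .iso) base64-encoded
    into JavaScript that rebuilds it as a Blob and triggers a download."""
    iso = bytearray(ISO_PVD_OFFSET + 5)
    iso[ISO_PVD_OFFSET:ISO_PVD_OFFSET + 5] = b"CD001"   # only the PVD signature, not a real image
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.iso", bytes(iso))           # assumed file name
    b64 = base64.b64encode(buf.getvalue()).decode()
    return ("<html><body><script>var d='" + b64 + "';"
            "var s=atob(d);var a=new Uint8Array(s.length);"
            "for(var i=0;i<s.length;i++)a[i]=s.charCodeAt(i);"
            "var b=new Blob([a],{type:'application/octet-stream'});"
            "var l=document.createElement('a');l.href=URL.createObjectURL(b);"
            "l.download='invoice.zip';l.click();</script></body></html>")


def identify(data):
    """Magic-byte classification for the stages seen in this chain."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:len(LNK_MAGIC)] == LNK_MAGIC:
        return "lnk"
    if data[:2] == b"MZ":
        return "pe"
    if len(data) >= ISO_PVD_OFFSET + 5 and data[ISO_PVD_OFFSET:ISO_PVD_OFFSET + 5] == b"CD001":
        return "iso"
    return "unknown"


def triage_html(html):
    """Return the smuggling APIs present and every decodable base64 run, classified.
    Zip payloads are opened so the next stage (here the .iso) is classified too."""
    apis = [a for a in SMUGGLING_APIS if a in html]
    payloads = []
    for m in B64_RUN.finditer(html):
        try:
            data = base64.b64decode(m.group(0), validate=True)
        except ValueError:               # long token that is not valid base64
            continue
        kind = identify(data)
        inner = []
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                inner = [(zi.filename, identify(zf.read(zi))) for zi in zf.infolist()]
        payloads.append({"kind": kind, "size": len(data), "contains": inner})
    return {"apis": apis, "payloads": payloads}


def is_sideload(event):
    """Check for the final stage on a Sysmon Event ID 7 (Image loaded) record:
    a DLL whose name belongs in a Windows system directory loaded from elsewhere."""
    path = event["ImageLoaded"].lower()
    name = path.rsplit("\\", 1)[-1]
    return name in SIDELOAD_DLLS and not path.startswith(SYSTEM_DIRS)


SAMPLE_EVENT = {   # constructed record, not a real log line; D: assumed to be the mounted ISO
    "EventID": 7,
    "Image": "D:\\calc.exe",               # assumption: calc.exe run from the mounted image
    "ImageLoaded": "D:\\windowscodecs.dll",
}

if __name__ == "__main__":
    report = triage_html(build_sample_html())
    print("smuggling APIs:", report["apis"])
    for p in report["payloads"]:
        print(p["kind"], p["size"], "bytes, contains", p["contains"])
    print("sideload suspected:", is_sideload(SAMPLE_EVENT))
```

Run it as a script to see the decoded stages; on a real page, point `triage_html` at the file contents and expect several base64 runs, most of which classify as "unknown" (fonts, images) and can be ignored.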
Malware Sample: hxxps[://]bazaar[.]abuse[.]ch/sample/f5c16248418a4f1fd8dff438b26b8da7f587b77db9e180a82493bae140893687/
Malware Analysis Course Link: courses.null-char.com/courses...
Academy Link: ask-academy.live/
Please provide feedback in the comments.
To continue the conversation hit me up on twitter:
🐦 Twitter: nu11charb
#malware #Qakbot #HTMLSmuggling #DLLSideLoading #reverseengineering
Comments: 20
Great analysis as always. Looking forward to part 2 :)
amazing as always :) thanks for uploading this, hope you are well!
Nice explanation. Thank you for sharing!
Great video. I wish there was a course for beginners on how to do this. So helpful.
@ahmedskasmani
2 years ago
There is a malware analysis course by me on how to do this. Check the description; there is a link to my course.
Hey, great explanation, but I wanted to know: what impact does the final payload DLL have on the system? Or is it just sideloading?
Thanks for the video, great job!
@ahmedskasmani
A year ago
You are most welcome
Keep going, great explanation.
@ahmedskasmani
A year ago
Many thanks
Thanks Bruu
Great video!
@ahmedskasmani
A year ago
Thanks a lot legend 🙂
Thanks, good analysis.
thank you good sir
Genius!!
Hi Ahmed, how can we perform the analysis on the .dat file instead of calc.exe? New Qakbot samples are coming with a .dat file inside the ISO image.
Are there any chances of a ZuoRAT malware analysis, Sir?
Nice video!
@ahmedskasmani
2 years ago
Thanks Colin