Home / malwarePDF  

TrojanDownloader:JS/Qakbot.A


First posted on 21 March 2020.
Source: Microsoft

Aliases :

TrojanDownloader:JS/Qakbot.A is also known as JS/Downldr.BQ, TR/Script.158662, Trojan.Script.158662, BackDoor.Qbotd.1, JS/TrojanDownloader.Agent.NQJ, Trojan-Downloader.JS.Qakbot, JS/Downloader-AH, Bck/QBot.M, Trojan.Script.JS.Agent.cx, Troj/Dloadr-CUV, Trojan-Downloader.JS.Agent.efb, JS_OBFUS.DE.

Explanation :

TrojanDownloader:JS/Qakbot.A is a JavaScript trojan that attempts to download and install Backdoor:Win32/Qakbot.gen!A. Installation In the wild, we have observed TrojanDownloader:JS/Qakbot.A being dropped by Backdoor:Win32/Qakbot.gen!A. Payload Downloads and executes arbitrary files In the wild, we have observed TrojanDownloader:JS/Qakbot.A contacting the following remote host in order to download and execute arbitrary files:  a.rtbn2.cn   Analysis by Scott Molenkamp

Last update 21 March 2020

 

TOP