Qadars Banking Malware Fake Flash Update



Domains and IPs associated with Qadars malware

  • dateyou.me – Compromised Site
  • dateyou.me GET /media/system/js/statc40.php – Injected Redirect Script
  • 185.93.187.116 – profixsysline.net – Redirected Site
  • 185.93.187.109 – adobe-flash-player.org – Phishing Page
  • https://www.dropbox.com/s/zyzxxje6c903ce9/update_flashplayer_vc18.exe?dl=1 – Malicious Content Download
  • 50.191.84.32 Port 443 – igyo6saomki0.net – Qadars Post-Infection Traffic
  • 62.75.207.97 Port 443 – prolinesti.net – Qadars Post-Infection Traffic
For analysis you can download the sample from here: https://www.sendspace.com/file/38tpt9. But I am not responsible for any infection of your own system.
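As an added example (not part of the original post), the script below matches the indicators listed above against proxy log lines and reports the furthest stage of the Flash-update chain each client reached, from the compromised site through the injected redirect, phishing page and payload download to the port-443 C2 traffic. The log layout and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
# Indicators from the post, grouped by the stage of the chain they mark (matched on host).
STAGE_HOSTS = {
    "redirect_site": {"profixsysline.net", "185.93.187.116"},
    "phishing_page": {"adobe-flash-player.org", "185.93.187.109"},
    "c2": {"igyo6saomki0.net", "50.191.84.32", "prolinesti.net", "62.75.207.97"},
}
COMPROMISED_HOST = "dateyou.me"
INJECTED_PATH = "/media/system/js/statc40.php"
PAYLOAD_URL = "https://www.dropbox.com/s/zyzxxje6c903ce9/update_flashplayer_vc18.exe?dl=1"
# The furthest stage a client reached decides its verdict; later in the list is worse.
SEVERITY = ["compromised_site", "injected_redirect", "redirect_site",
            "phishing_page", "payload_download", "c2"]
# Assumed proxy log layout (constructed for this example): "<client_ip> <method> <url>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def classify(url):
    """Return the chain stage one requested URL indicates, or None if it matches nothing."""
    if url == PAYLOAD_URL:
        return "payload_download"
    host, _, path = url.split("://", 1)[-1].partition("/")
    host = host.split(":")[0].lower()  # strip an explicit port such as :443
    if host == COMPROMISED_HOST:  # hacked but legitimate site: only the injected script redirects
        return "injected_redirect" if "/" + path == INJECTED_PATH else "compromised_site"
    for stage, hosts in STAGE_HOSTS.items():
        if host in hosts:
            return stage
    return None

def triage(log_lines):
    """Map each client that touched an indicator to the furthest stage it reached."""
    reached = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        client, _method, url = m.groups()
        stage = classify(url)
        if stage:
            reached[client].add(stage)
    return {c: max(s, key=SEVERITY.index) for c, s in reached.items()}

SAMPLE_LOG = [  # constructed traffic, not a real capture
    "10.0.0.5 GET http://dateyou.me/media/system/js/statc40.php",
    "10.0.0.5 GET http://adobe-flash-player.org/",
    "10.0.0.5 GET " + PAYLOAD_URL,
    "10.0.0.5 POST https://igyo6saomki0.net:443/",
    "10.0.0.9 GET http://dateyou.me/",
    "10.0.0.9 GET http://example.com/",
]
```

A client whose verdict is "c2" has beaconed to the post-infection servers and should be isolated; "compromised_site" alone only means the hacked site was visited, which is noise unless the injected script path also appears.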



Unknown

IT Security and Cyber Forensic Analyst
