Qadars Banking Malware Fake Flash Update

by Unknown 23:05 0 comments Banking trojan fraud Malware Malware Analysis phishing

Associated domains with Qadras Malware 

• dateyou.me – COMPROMISED SITE
• dateyou.me GET /media/system/js/statc40.php – Injected Redirect Script

• 185.93.187.116 – profixsysline.net – Redirected Site
• 185.93.187.109 – adobe-flash-player.org – Phishing page

• https://www.dropbox.com/s/zyzxxje6c903ce9/update_flashplayer_vc18.exe?dl=1 : Malicious Content Download
• 50.191.84.32 Port 443 – igyo6saomki0.net – Qadars Post Infect Traffic
• 62.75.207.97 Port 443 – prolinesti.net – Qadars Post Infect Traffic

For Analysing you can download the sample from here : https://www.sendspace.com/file/38tpt9 .But am not responsible for infection for your own system.