all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OneNote Malware Trends - Investigating Script Execution that Leads to QuakBot

Add to bookmarks
Feb. 17, 2023, 2 p.m. | Dr Josh Stroschein

Dr Josh Stroschein www.youtube.com

As OneNote documents continue to plague organizations, I decided to take a look at yet another document, this one leads to a qbot (quakbot) infection. In this video, we'll use ProcMon and Process Hacker 2 to learn more about the process activity around OneNote documents. We'll then use Onedump to extract the script and decode it. Finally, we'll talk briefly about the DLL that is downloaded that leads to the qbot infection.

Sample SHA256: ec674e92a9d108d67d2cc0f1f2d20579a8ca8ba6e32af1fe0ed8a1067a426586

00:00 Introduction
00:52 Setting up …

continue dll document documents extract hacker infection learn malware onenote organizations process procmon qbot quakbot script trends video

Visit resource

More from www.youtube.com / Dr Josh Stroschein

🔴 Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 6 days ago | www.youtube.com
basics episode explorer focus +10
MM#02 - Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | … 1 week, 3 days ago | www.youtube.com
basics build episode explorer +12
Malware Mondays?!? Learn more 2 weeks, 2 days ago | www.youtube.com
learn malware
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 4 weeks ago | www.youtube.com
artifact data goal learn +11
MM#01 - How to Capture Malicious Activity with Process Monitor! Using ProcMon with Amadey Malware 1 month, 1 week ago | www.youtube.com
amadey artifacts capture data +11
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 1 month, 1 week ago | www.youtube.com
artifact data goal learn +11
Why Do You Need to Know Assembly to Use IDAPro or Ghidra? Exploring disassembly and … 1 month, 1 week ago | www.youtube.com
assembly disassembly effectively ghidra +9
Ease Shellcode Analysis with SCLauncher! Learn how-to wrap shellcode into a PE file 1 month, 2 weeks ago | www.youtube.com
analysis debugging development easy +18
Customizing FakeNet-NG for Malicious Document Analysis! How to modify the web root 1 month, 3 weeks ago | www.youtube.com
analysis can default dive +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Data Privacy Manager m/f/d)

@ Coloplast | Hamburg, HH, DE
View on infosec-jobs.com

Cybersecurity Sr. Manager

@ Eastman | Kingsport, TN, US, 37660
View on infosec-jobs.com

KDN IAM Associate Consultant

@ KPMG India | Hyderabad, Telangana, India
View on infosec-jobs.com

Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)

@ Bosch Group | Stuttgart, Germany
View on infosec-jobs.com

Senior Security Engineer - SIEM

@ Samsara | Remote - US
View on infosec-jobs.com
View more jobs