Qadars – a banking Trojan with the Netherlands in its sights | WeLiveSecurity
Tags
country: Australia Canada Netherlands France India Italy Ukraine
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Content Injection - T1659 Credentials - T1589.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004
Show in Graph
Common Information
Type Value
UUID a0c3b6a5-f5db-4f14-a152-a6b5e2ec4112
Fingerprint ff4595b98c33869d
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 18, 2013, 12:40 p.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 15, 2024, 2:37 p.m.
Headline Qadars – a banking Trojan with the Netherlands in its sights
Title Qadars – a banking Trojan with the Netherlands in its sights | WeLiveSecurity
Detected Hints/Tags/Attributes 84/2/15
Source URLs
Redirection Url
Details Source https://www.welivesecurity.com/2013/12/18/qadars-a-banking-trojan-with-the-netherlands-in-its-sights/
URL Provider
Details Provider Source level domain
Details welivesecurity.com www.welivesecurity.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
nb7wazsx.briefthink.biz
Details Domain 1 
o3xzf.checkimagine.biz
Details Domain 1 
pfsb77j2.examinevisionary.biz
Details Domain 105 
domain.com
Details File 101 
gate.php
Details sha1 1 
f31bf806920c97d9ca8418c9893052754df2eb4d
Details sha1 1 
dac7065529e59ae6fc366e23c470435b0fa6ebbe
Details sha1 1 
b2c70ca7112d3fd3e0a88d2d38647318e68f836f
Details IPv4 109 
1.0.0.0
Details IPv4 1 
1.0.2.7
Details IPv4 4 
1.0.2.3
Details Url 1 
http://nb7wazsx.briefthink.biz:34412/f/1383738240/3447064450/5
Details Url 1 
http://o3xzf.checkimagine.biz:34412/f/1383770160/1055461891/2
Details Url 1 
http://pfsb77j2.examinevisionary.biz:34412/f/1383780180/1659253748/5
Details Url 1 
http://domain.com/gate.php?data=chjvamvjdd1tb2itaw5nbmwtzmfuzczhy3rpb249zmlszszpzd1jc3m=