Discover and read the best of Twitter Threads about #QuantLoader


Today we’re tracking an active #spam campaign that employs multiple components to distribute #Pliskal (aka #QuantLoader), a known downloader trojan. The email subject and attachment file name contain the date (27032018) and "Purchase", "Order", "Purchase Order", or "PO".
While emails in this campaign indicate an "attached PDF", the attachments are .zip archives containing a .url file. The .url files point to a remote location hosting an obfuscated .wsf file, which in turn downloads the payload from several URLs.
The multi-component approach is meant to evade detection. But we block the emails, related malicious URLs, components, and payload. The payload (SHA-256: 674b84d4d2da5141870576dfe1e05463ad5e5c1a050d1e68fd92426084942052) is detected by #WindowsDefenderAV as Trojan:Win32/Pliskal.B.
Read 5 tweets
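
For defenders triaging attachments like those described in the thread (a .zip holding a .url shortcut that points at a remotely hosted script), the following is an added example, not code from the thread or from Microsoft. It lists each .url member of an archive and flags targets that are remote and end in a script extension; the extension list, the sample host `198.51.100.7` and the sample file names are constructed assumptions.

```python
import io
import zipfile
from urllib.parse import urlparse

# Assumption: script extensions worth flagging; the thread names only .wsf.
SCRIPT_EXTS = (".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta")

def shortcut_target(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[internetshortcut]"
        elif in_section and line.lower().startswith("url="):
            return line[4:].strip()
    return None

def triage_zip(data):
    """List every .url member of a zip with its target and risk flags."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".url"):
                continue
            raw = zf.read(info).decode("utf-8-sig", errors="replace")
            target = shortcut_target(raw)
            flags = []
            if target is None:
                flags.append("no-target")
            else:
                # Normalise UNC paths (\\host\share) so urlparse sees a host.
                parsed = urlparse(target.replace("\\", "/"))
                if parsed.netloc:  # any host component means a remote target
                    flags.append("remote")
                if parsed.path.lower().endswith(SCRIPT_EXTS):
                    flags.append("script")
            findings.append({"member": info.filename, "target": target, "flags": flags})
    return findings

def build_sample_zip():
    """Constructed sample archive; host and file names are made up."""
    body = "[InternetShortcut]\r\nURL={}\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Purchase Order 27032018.url", body.format("file://198.51.100.7/docs/po.wsf"))
        zf.writestr("homepage.url", body.format("https://example.com/"))
        zf.writestr("note.txt", "not a shortcut")
    return buf.getvalue()
```

A member flagged both `remote` and `script` matches the delivery pattern the thread describes; `remote` alone is an ordinary web shortcut.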
