WEBC2-QBP (84f3bacf-abd5-445e-a98a-5b02f1eaac92)

The WEBC2 malware family is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. The WEBC2-QBP variant searches for two strings in an HTML comment: the first is "2010QBP ", followed by " 2010QBP//--". Between these two strings is a DES-encrypted string.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| WebC2-Qbp (71d8ef43-3767-494b-afaa-f58aad70df65) | Malpedia | WEBC2-QBP (84f3bacf-abd5-445e-a98a-5b02f1eaac92) | Tool | 1 |