skip to Main Content

Cybercrime, Bitubit LLC-Aqua Direct s.r.o last Quakbot signed campaign victims

Technical analysis by the Malware Hunter JAMESWT

Bitubit LLC  is the last victim in Quakbot signed campaign

“Bitubit LLC” and Aqua Direct s.r.o have been used by cybercrime to spread Quakbot in a “signed” malspam campaign. The company certificates have being exploited to sign the attachment, an executable file. The objective is to decept the anti virus and let the victims download and install the malware through the attachment and a link. For this purpose organizations from different countries have been exploited. In the last period have been used many signatures. They include those related to:

Mislean Software Limited

Master Networking s.r.o.

DocsGen Software Solutions Inc.

Digital Capital Management Ireland Limited

Equal Cash Technologies Limited

Korist Networks Incorporated

Instamix Limited

Akhirah Technologies Inc.

Bamboo Connect s.r.o.

OLIMP STROI OOO

BOREC OOO

Cubic Information Systems UAB

Highweb Ireland Operations Limited

VESNA OOO

THREE D CORPORATION PTY LTD

Umbrella LLC

Olymp LLC

Hairis LLC

SERVICE STREAM LIMITED

ABEL RENOVATIONS, INC

TRAUMALAB INTERNATIONAL APS

OOO Vertical

APPI CZ

APP DIVISION ApS

FORTUNE STAR TRADING, INC

Bitubit LLC

Aqua Direct s.r.o

The malware is a banking trojan with worm capabilites

QuakBot (aka Qbot) malware is a modular cybercrime banking trojan known to target businesses to steal money from their online banking accounts. It features worm capabilities to self-replicate through shared drives and removable media. The code uses powerful information-stealing features to spy on users’ banking activity.

Back To Top