The zip attachment contains an exe file: the malware itself. This, if opened, activates the infection.
Technical analysis by the Malware Hunter JAMESWT
New Quakbot campaign via stolen mail conversation. The link in the text downloads a zip file with an xls inside. The xls contacts two URLs, downloads the DLL from them and starts the malware infection
The new Quakbot campaign is spread through a real email conversation.
The link in the text, if opened, downloads a zip file with an xls inside. The xls contacts two URLs, downloads the DLL from them and starts the malware infection.
QuakBot (aka Qbot) is a modular cybercrime banking trojan known to target companies, with the goal of stealing money from their online bank accounts. It features worm functionality for automatic replication via shared drives and removable media. The code uses powerful info-stealer features to spy on users’ banking activity.
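Both delivery patterns described above (a zip holding an exe, and a zip holding an xls) can be caught at a mail gateway or triage step by checking what each archive member really is, not what it is named. The following is an added example, not part of the original analysis; the function names are hypothetical and the sample archive is constructed inline from harmless header bytes.

```python
import io
import os
import zipfile

# Leading magic bytes of the payload types named in the article.
PE_MAGIC = b"MZ"                                # Windows PE files (exe, dll)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office files (xls)
EXPECTED_EXT = {"pe": {".exe", ".dll"}, "ole2": {".xls", ".doc", ".ppt"}}


def triage_zip(data):
    """Return a finding for each member that is a PE file or OLE2 document."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.flag_bits & 0x1:
                # Encrypted member: content is unreadable without the password.
                findings.append({"name": info.filename, "kind": "encrypted",
                                 "ext_mismatch": False})
                continue
            with archive.open(info) as member:
                head = member.read(8)  # header only, never the full payload
            if head.startswith(PE_MAGIC):
                kind = "pe"
            elif head.startswith(OLE2_MAGIC):
                kind = "ole2"
            else:
                continue  # directories and other file types are not reported
            ext = os.path.splitext(info.filename)[1].lower()
            findings.append({"name": info.filename, "kind": kind,
                             "ext_mismatch": ext not in EXPECTED_EXT[kind]})
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from constructed placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed, harmless sample: headers only, no real payloads.
    members = {"document.xls": OLE2_MAGIC + bytes(64),
               "scan.pdf": PE_MAGIC + bytes(64), "notes.txt": b"plain text"}
    print(triage_zip(build_sample_zip(members)))
```

A finding with `ext_mismatch` set to true means the file name hides the real type, which is a stronger signal than the extension alone.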