skip to Main Content

Cybercrime, new Quakbot campaign via stolen email conversation

Technical analysis by the Malware Hunter JAMESWT

New Quakbot campaign via stolen mail conversation. The link in the text downloads a zip file with an xls inside. This contacts two URLs from which it downloads the dll and starts the malware infection

A real email conversation conveys the new Quakbot campaign.

 

The link in the text, if open, downloads a zip file with an xls inside. This contacts two URLs from which it downloads the dll and starts the malware infection.

QuakBot (aka Qbot) is a modular cybercrime banking trojan known to target companies. Goal: to steal money from their online bank accounts. It features worm functionality for automatic replication via shared drives and removable media. The code uses powerful info-stealer features to spy on users’ banking activity.

Malware’s C2

Back To Top