
Cybercrime, Quakbot campaign exploits a real stolen mail conversation

Technical Analysis by the Malware Hunter JAMESWT

A new Quakbot campaign takes advantage of a real stolen mail conversation. The ZIP attachment of the message, which is written in Italian and English, contains an XLS file. This file contacts a URL from an internal list and downloads the DLL, which starts the malware infection.

The new Quakbot campaign uses a real stolen email conversation as bait. The text of the message, however, is written partly in Italian and partly in English.

The compressed attachment, in ZIP format, contains an XLS file. If opened, this file contacts a URL from an internal list and downloads the DLL, which starts the malware infection. Quakbot (aka Qbot) is a modular cybercrime banking trojan known to target companies. Goal: to steal money from their online bank accounts. It features worm functionality for automatic replication via shared drives and removable media. The code uses powerful info-stealer features to spy on users’ banking activity.

The C2s contacted by Quakbot
