
Cybercrime, Quakbot campaign via real stolen email conversation

Technical analysis by the Malware Hunter JAMESWT

Quakbot campaign via real stolen email conversation. The two links in the message download a ZIP with an XLS inside, which contacts three URLs from which the DLL is downloaded, starting the malware infection.

Quakbot uses a real stolen email conversation to spread in a global campaign.

The two links in the message download a ZIP file with an XLS inside. The XLS then contacts three other URLs from which the DLL is downloaded, which starts the malware infection.

QuakBot (aka Qbot) is a modular cybercrime banking trojan known for targeting companies. Its goal is to steal money from their online bank accounts. It features worm functionality for automatic replication via shared drives and removable media. The code uses powerful info-stealer features to spy on users’ banking activity.
