Technical analysis by the Malware Hunter JAMESWT

Quakbot campaign via real stolen email conversation. The two links in the message download a zip with an xls inside, which contacts three URLs from which the dll is downloaded, starting the malware infection

Quakbot uses a real stolen email conversation to spread in a global campaign.

The two links in the message download a zip file with an xls inside. This then contacts three other URLs from which the dll is downloaded, which starts the infection of the malware.

QuakBot (aka Qbot) is a modular cybercrime banking trojan known for targeting companies. Goal: to steal money from their online bank accounts. It features worm functionality for automatic replication via shared drives and removable media. The code uses powerful info-stealer features to spy on users’ banking activity.