Cryptolaemus cybersecurity experts: The malware distribution process is the same one used to distribute BazarLoader.
Technical analysis by the Malware Hunter JAMESWT
Quakbot campaign via a real stolen email conversation. The two links in the message download a ZIP with an XLS inside, which contacts three URLs from which the DLL is downloaded, starting the malware infection.
Quakbot uses a real stolen email conversation to spread in a global campaign.
The two links in the message download a ZIP file with an XLS file inside. The XLS then contacts three other URLs, from which the DLL that starts the malware infection is downloaded.
QuakBot (aka Qbot) is a modular cybercrime banking trojan known for targeting companies. Its goal is to steal money from their online bank accounts. It features worm functionality for automatic replication via shared drives and removable media, and its code uses powerful info-stealer features to spy on users’ banking activity.