
Cybercrime, Quakbot exploits malicious xls armed with SilentBuilder

Technical analysis by the Malware Hunter JAMESWT

Quakbot exploits malicious xls armed with SilentBuilder. The latest signed campaign uses SHOECORP LIMITED corporate certificates to trick antivirus software and download malware

Quakbot’s global signed campaign is still evolving and has started to use malicious xls files armed with SilentBuilder. The latest company exploited is SHOECORP LIMITED. Its certificates were used to sign the Excel attachment, an executable file. The goal is to deceive the antivirus and get victims to download and install the malware through the attachment and a link that downloads a dll, from which the chain of infection starts. QuakBot (aka Qbot) is a modular cybercrime banking Trojan known for targeting companies, with the goal of stealing money from their online bank accounts. It features worm functionality for automatic replication via shared drives and removable media. The code uses powerful info-stealer features to spy on users’ banking activity.

The C2s
