The .jar attachment downloads the malware. This is a Trojan, capable of stealing credentials and loading additional malicious payloads into the victim's PC.
Technical analysis by the Malware Hunter JAMESWT
Cybercrime exploited ABEL RENOVATIONS, INC company certificates in it international signed campaign
QuakBot hits again in its international signed campaign. New malicious mails have been distributed by cybercrime exploiting the “ABEL RENOVATIONS, INC” company’s certificates to sign the executable file. The template and xls attachment are the same of its global attacks, but links are new. The objective is to decept the anti virus and let the victims download and install the malware through the attachment and a link. Criminal hackers for this purpose are exploiting organizations from different countries. In the last period have been used many signatures. They include those related to:
Mislean Software Limited
Master Networking s.r.o.
DocsGen Software Solutions Inc.
Digital Capital Management Ireland Limited
Equal Cash Technologies Limited
Korist Networks Incorporated
Akhirah Technologies Inc.
Bamboo Connect s.r.o.
OLIMP STROI OOO
Cubic Information Systems UAB
Highweb Ireland Operations Limited
THREE D CORPORATION PTY LTD
SERVICE STREAM LIMITED
“ABEL RENOVATIONS, INC”
The malware is a banking trojan with worm capabilites
QuakBot (aka Qbot) malware is a modular cybercrime banking trojan known to target businesses to steal money from their online banking accounts. It features worm capabilities to self-replicate through shared drives and removable media. The code uses powerful information-stealing features to spy on users’ banking activity.