Qakbot Evolves to OneNote Malware Distribution

By Pham Duy Phuc, Raghav Kapoor, John Fokker J.E., Alejandro Houspanossian and Mathanraj Thangaraju

Qakbot (aka QBot, QuakBot, and Pinkslipbot) is a sophisticated piece of malware that has been active since at least 2007. Since the end of January 2023, there has been an upsurge in the number of Qakbot campaigns using a novel delivery technique: OneNote documents for malware distribution. Moreover, the Trellix Advanced Research Center has detected various campaigns that used OneNote documents to distribute other malware such as AsyncRAT, IcedID, XWorm, etc.

The Qakbot banking trojan is a sophisticated and dangerous piece of malware that has been active since at least 2007. Qakbot has worm-like capabilities that allow it to propagate through an infected network autonomously. It is primarily used to steal sensitive information from infected systems, such as login credentials and financial information, and can also be used to download and execute additional malware on the victim system. New functionalities have been added to include C2 communication to acquire additional malware modules and perform data exfiltration. Qakbot also contains multiple evasion techniques and sandbox detection. The malware is primarily spread through phishing emails and malicious attachments, although Qakbot has also been observed as a secondary payload, dropped by other botnets such as Emotet. Qakbot has been used to drop ransomware such as Prolock, Egregor and DoppelPaymer.