What is Malware?
Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
QBot !?
QBot, also known as Qakbot and Pinkslipbot, is a banking trojan that has been active since 2008. It is back at its task of stealing banking credentials, browsing history, and some financial information.
In general, attackers take control of a victim's device by using a phishing attack to deliver QBot via a dropper. It does this through a combination of techniques: poisoning the victim's web sessions, cookie exfiltration, and credential theft, including keylogging.
Not surprisingly, QBot can also self-replicate, copying itself to removable and shared drives. QBot is Windows-based, and the new version adds both detection-evasion and research-evasion techniques. Its new packing layer hides the code from scanners and signature-based tools.
Infection Process:
Once the victim's system is compromised, and if it is connected to a local network, it becomes a threat to the other computers on that network because of QBot's lateral movement capabilities. The malware then checks whether the victim can also serve as a bot in QBot's infrastructure.
IOCs:
MD5
- 571cdef12082946e34b77bd50fcb0d38
- 06ec0af8411d864211baff8afb117f72
- 2d2fa093dd4fb26a8d14f1906552d238
- 842d7815923dffc1e1cf2ebbcd0fdf49
- 2e4c99684fc0046934b984268b16c25b
C&C
- hxxp://w1.plenimusic[.]com/fakes/
Recommendations:
Organizations should keep a close watch on the given IOCs and block them in their relevant security devices, so that such attacks are detected proactively and the security posture is monitored.
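One way to act on this recommendation, as an added example that is not part of the original post: a Python script that checks files against the MD5 IOCs above and scans proxy log lines for the C&C URL, matching on exact host and path prefix so that lookalike hosts are not flagged. The function names and the sample log lines are constructed for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

# IOCs copied from this page; the C&C URL stays defanged until match time.
MD5_IOCS = {
    "571cdef12082946e34b77bd50fcb0d38", "06ec0af8411d864211baff8afb117f72",
    "2d2fa093dd4fb26a8d14f1906552d238", "842d7815923dffc1e1cf2ebbcd0fdf49",
    "2e4c99684fc0046934b984268b16c25b"}
C2_IOCS = ["hxxp://w1.plenimusic[.]com/fakes/"]
URL_RE = re.compile(r"https?://\S+", re.I)

def refang(ioc):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    return ioc.replace("hxxp", "http", 1).replace("[.]", ".")

def file_matches(path, iocs=MD5_IOCS, chunk=1 << 20):
    """Hash a file in chunks and report whether its MD5 is a listed IOC."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest() in iocs

def url_matches(url):
    """Match on exact host plus path prefix, not on a raw substring."""
    try:
        seen = urlsplit(url)
    except ValueError:  # malformed URL in the log line
        return False
    host = (seen.hostname or "").rstrip(".")  # hostname is already lowercased
    iocs = map(urlsplit, map(refang, C2_IOCS))
    return any(host == i.hostname and seen.path.startswith(i.path) for i in iocs)

def scan_proxy_log(lines):
    """Return (line_number, url) for every logged URL that hits a C&C IOC."""
    return [(n, url) for n, line in enumerate(lines, 1)
            for url in URL_RE.findall(line) if url_matches(url)]

# Constructed sample proxy log (not real telemetry); only the first line is a hit.
C2_HOST = urlsplit(refang(C2_IOCS[0])).hostname
SAMPLE_LOG = [
    f"2020-01-01T10:00:03Z 10.0.0.7 GET http://{C2_HOST.upper()}/fakes/a.png 200",
    f"2020-01-01T10:00:09Z 10.0.0.7 GET http://{C2_HOST}.example.net/fakes/ 200",
    f"2020-01-01T10:00:12Z 10.0.0.9 GET http://example.org/?r={C2_HOST}/fakes/ 200",
]

if __name__ == "__main__":
    print(scan_proxy_log(SAMPLE_LOG))
```

The second and third sample lines contain the C&C host only as part of a longer hostname or a query string, which a plain substring search would flag as false positives.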