The Return of Qbot Trojan


What is Malware?

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.

QBot!?

QBot, also known as Qakbot and Pinkslipbot, is a banking trojan that has been active since 2008. It is back, stealing banking credentials, browsing history, and some financial information.

In general, attackers take control of a victim's device by using a phishing attack to deliver Qbot via a dropper. Qbot operates through a combination of techniques: poisoning the victim's web sessions, cookie exfiltration, and credential theft, including keylogging.

Not surprisingly, Qbot can also self-replicate, copying itself to removable and shared drives. QBot is Windows-based, and the new version adds both detection-evasion and research-evasion techniques. Its new packing layer hides the code from scanners and signature-based tools.

Infection Process:

Once a victim's system is compromised, if it is connected to a local network it becomes a threat to the other computers on that network because of Qbot's lateral movement capabilities. The malware then checks whether the victim machine can also serve as a bot in Qbot's infrastructure.

IOCs:

MD5
  • 571cdef12082946e34b77bd50fcb0d38
  • 06ec0af8411d864211baff8afb117f72
  • 2d2fa093dd4fb26a8d14f1906552d238
  • 842d7815923dffc1e1cf2ebbcd0fdf49
  • 2e4c99684fc0046934b984268b16c25b
C&C
  • hxxp://w1.plenimusic[.]com/fakes/

Recommendations:

Organizations should keep a close watch on the given IOCs and block them in the relevant security devices, so that such attacks are observed proactively as part of monitoring their security posture.
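One way to put the IOC list above to work, as an added example that is not part of the original post: it refangs the listed C&C indicator, matches it against proxy log lines by parsed hostname, and checks file bytes against the listed MD5 values. The function names, the log line layout (timestamp, client, method, URL, status) and the sample log lines are assumptions constructed for this example.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the IOC list on this page (C&C kept defanged).
QBOT_MD5 = {
    "571cdef12082946e34b77bd50fcb0d38", "06ec0af8411d864211baff8afb117f72",
    "2d2fa093dd4fb26a8d14f1906552d238", "842d7815923dffc1e1cf2ebbcd0fdf49",
    "2e4c99684fc0046934b984268b16c25b",
}
QBOT_C2 = ["hxxp://w1.plenimusic[.]com/fakes/"]
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def refang(indicator):
    """Undo defanging (hxxp, [.]) so the indicator parses as a URL."""
    return indicator.replace("hxxp", "http", 1).replace("[.]", ".")

def c2_hosts(indicators=QBOT_C2):
    """Hostnames of the listed C&C URLs, lower-cased by urlsplit."""
    return {urlsplit(refang(i)).hostname for i in indicators}

def is_listed_md5(data):
    """True if the MD5 of these bytes is one of the listed hashes."""
    return hashlib.md5(data).hexdigest() in QBOT_MD5

def scan_proxy_log(lines, hosts):
    """Return (line_no, client_ip, url) for requests whose host is listed."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            # Compare the parsed hostname, not a substring of the line.
            host = (urlsplit(url).hostname or "").rstrip(".")
            if host in hosts:
                hits.append((line_no, line.split()[1], url))
    return hits

def sample_log():
    """Constructed proxy log lines (timestamp, client, method, URL, status)."""
    c2 = refang(QBOT_C2[0])
    host = urlsplit(c2).hostname
    return [
        "2020-08-29T10:00:01Z 10.0.0.5 GET http://example.org/index.html 200",
        f"2020-08-29T10:00:07Z 10.0.0.23 GET {c2.upper()}x.bin 200",
        f"2020-08-29T10:00:09Z 10.0.0.5 GET http://{host}.example.net/ 404",
    ]

if __name__ == "__main__":
    for hit in scan_proxy_log(sample_log(), c2_hosts()):
        print(hit)
```

Only the second constructed line is reported: the upper-cased request matches after hostname normalization, while the look-alike host that merely contains the indicator does not. An MD5 match identifies only byte-identical copies of the listed files, so it complements the network check rather than replacing it.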

August 29th, 2020 | IOC's, Malware

About the Author:

FirstHackersNews- Identifies Security