[QakBot now targets hospitals]
by eyelock - Monday December 18, 2023 at 03:38 PM
A fresh batch of phishing messages has been detected, spreading the QakBot malware.


This comes after law enforcement successfully dismantled its command-and-control (C2) network a few months ago. 

Microsoft discovered this low-volume campaign, which started on December 11, 2023, and specifically targeted the hospitality industry.

The targets received a PDF from someone pretending to be an IRS employee.

Inside the PDF, there was a URL that downloaded a digitally signed Windows Installer (.msi) file.

Running the MSI file triggered the activation of QakBot through the execution of an embedded DLL using the 'hvsi' export.

Microsoft stated that the payload was created on the same day the campaign began and it is set up with a version 0x500 that has not been seen before.

QakBot, also known as QBot and Pinkslipbot, was stopped during Operation Duck Hunt when authorities accessed its infrastructure and directed infected computers to download an uninstaller file, rendering the malware useless.
