Botnet C&C

Description

Quakbot (also known as Qakbot) is a bot that is primarily designed to spread through network drives and removable disks like USB thumb drives.

Symptoms

Some possible symptoms include, but are not limited to:

Addition of a DLL called Q1.dll to Windows
Creation of an executable called qbot[RANDOM].exe
Creation of an autorun.inf inside a removable drive to facilitate infection spread

Analysis

Quakbot is designed to collect information on you and send that information back to a remote host or hosts.

It can monitor all the keystrokes you make, the websites you visit, collect credit card and banking information as well as steal username and password details. It also can download and execute additional files and will open a backdoor on the victim's system.

Instructions

It is not recommended that any attempts to remove this malware be performed manually. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.

ID	7630053
Created	Jun 10, 2016
Description Updated	Sep 11, 2019
Platform	Win32

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Quakbot

Description

Symptoms

Analysis

Instructions

Telemetry

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Botnet C&C

Quakbot

Description

Symptoms

Analysis

Instructions

Telemetry

Threat Intelligence
Center