Botnet C&C

Quakbot

Brief

Quakbot (also known as Qakbot) is a bot that is primarily designed to spread through network drives and removable disks like USB thumb drives.

Symptoms

Some possible symptoms include, but are not limited to:

  • Addition of a DLL called Q1.dll to Windows
  • Creation of an executable called qbot[RANDOM].exe
  • Creation of an autorun.inf inside a removable drive to facilitate infection spread

Analysis

Quakbot is designed to collect information on you and send that information back to a remote host or hosts.

It can monitor all the keystrokes you make, the websites you visit, collect credit card and banking information as well as steal username and password details. It also can download and execute additional files and will open a backdoor on the victim's system.

Instructions

It is not recommended that any attempts to remove this malware be performed manually. Fortinet recommends that you remove this threat by running a complete scan of your system using FortiClient Endpoint Protection.