Win32/Qakbot
Microsoft Defender Antivirus detects and removes this threat.
This malware family can give a malicious hacker access to and control of your PC. They can then steal your sensitive information.
For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Backdoor:Win32/Qakbot.gen!arc
Backdoor:Win32/Qakbot.gen!arc is a generic detection for an archive file that contains a copy of Backdoor:Win32/Qakbot.
For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Backdoor:Win32/Qakbot.gen!A
Backdoor:Win32/Qakbot.gen!A is a generic detection for a trojan backdoor that connects to a remote server, allowing an attacker to access the infected system. By allowing remote access, this backdoor trojan can perform several actions including stealing information and logging user keystrokes. Some variants of this malware may attempt to spread to open shares across a network, including the default shares C$ and Admin$.
For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Backdoor:Win32/Qakbot.gen!cfg
Backdoor:Win32/Qakbot.gen!cfg is a detection for a configuration data file and component of Backdoor:Win32/Qakbot.
For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Trojan:Win32/Qakbot
Microsoft Defender Antivirus detects and removes this threat.
Qakbot, also known as Quakbot, Qbot, and similar names, has been active since 2007. Qakbot started life as a credential stealer optimized to obtain credentials from banking and other financial services. In 2020 and 2021, Qakbot was observed leading to ransomware-as-a-service (RaaS) actors, who use purchased access to Qakbot infections for expedient ransomware and data exfiltration from organizations.
A global Qakbot campaign has been impacting organizations through malicious email deliveries that lead to infection with a renovated Qakbot implant. The implant quickly ascertains system information to determine which organizations are valuable for resale. Based on the company or network profile obtained during reconnaissance, Qakbot then transitions to human re-entry by a motivated operator. The consequences are likely to involve ransomware and data exfiltration, as well as an increased scope of organizational compromise.
Read these blogs for details:
Backdoor:Win32/Qakbot
Microsoft Defender Antivirus detects and removes this threat.
This malware family can give a malicious hacker access to and control of your PC. They can then steal your sensitive information.
See the Win32/Qakbot description for more information.
For more information on this threat, read: Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
Behavior:Win32/Qakbot
This is a behavior-based telemetry signature for Qakbot.
Read the following blogs for details:
TrojanSpy:Win32/Qakbot
Microsoft Defender Antivirus detects and removes this threat.
Qakbot, also known as Quakbot, Qbot, and similar names, has been active since 2007. Qakbot started life as a credential stealer optimized to obtain credentials from banking and other financial services. In 2020 and 2021, Qakbot was observed leading to ransomware-as-a-service (RaaS) actors, who use purchased access to Qakbot infections for expedient ransomware and data exfiltration from organizations.
A global Qakbot campaign has been impacting organizations through malicious email deliveries that lead to infection with a renovated Qakbot implant. The implant quickly ascertains system information to determine which organizations are valuable for resale. Based on the company or network profile obtained during reconnaissance, Qakbot then transitions to human re-entry by a motivated operator. The consequences are likely to involve ransomware and data exfiltration, as well as an increased scope of organizational compromise.
Read these blogs for details: