The Cyber Security News

Researchers Decrypted Qakbot Banking Trojan’s Encrypted Registry Keys

January 13, 2022

Cybersecurity researchers have decoded the mechanism by which the still-active Qakbot banking trojan stores encrypted configuration data in the Windows Registry.

Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although originally built as information-stealing malware, Qakbot has since shifted its goals and acquired new features to deliver post-compromise attack platforms such as Cobalt Strike Beacon, with the ultimate objective of loading ransomware on infected machines.

“It has been continuously developed, with new capabilities introduced such as lateral movement, the ability to exfiltrate email and browser data, and to install additional malware,” Trustwave researchers Lloyd Macrohon and Rodel Mendrez said in a report shared with The Hacker News.

In recent months, phishing campaigns have culminated in the distribution of a new loader named SQUIRRELWAFFLE, which acts as a channel to retrieve final-stage payloads such as Cobalt Strike and QBot.

Newer versions of Qakbot have also gained the ability to hijack email and browser data, as well as to store the malware's encrypted configuration in the registry instead of writing it to a file on disk, as part of its efforts to leave no trace of the infection. The configuration is still on disk in practice, since registry hives are themselves files that an offline hive parser can read; what the technique removes is a separate dropped file that a scanner or file-integrity monitor would flag.

“Although QakBot is not going fully fileless, its new techniques will certainly reduce its detection,” Hornetsecurity researchers noted in December 2020.

Trustwave’s analysis of the malware aims to reverse engineer this mechanism and decrypt the configuration stored in the registry key. The company notes that the key used to encrypt the registry value data is derived from a combination of the computer name, the volume serial number and the user account name, which is then hashed and salted together with a one-byte identifier (ID). Because all three inputs are host-specific, the encrypted values can only be decrypted with the exact values from the infected machine, whether taken live or recovered from a forensic image.

“The SHA1 hash result will be used as a derived key to decrypt the registry key value data respective to the ID using the RC4 algorithm,” the researchers said, adding that they have also released a Python-based decryptor utility that can be used to extract the configuration from the registry.
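The derivation described above, written out as an added example. This is not Trustwave's decryptor and not code from the article: the page only states the three host inputs, the one-byte ID, SHA1 and RC4. The concatenation order, the upper-casing, the eight-hex-digit serial formatting and the sample data are all assumptions made here so that the scheme can be exercised end to end; a real decryptor has to match the sample's actual string handling.

```python
import hashlib


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key-scheduling (KSA), then the PRGA keystream XORed over data.
    RC4 is symmetric, so the same call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def host_password(computer_name: str, volume_serial: int, user_name: str) -> bytes:
    """Host-specific key material: computer name + volume serial + user account name.
    ASSUMPTION: order, upper-casing and the %08X serial formatting are illustrative;
    the article only names the three inputs, not how they are joined."""
    return f"{computer_name.upper()}{volume_serial:08X}{user_name.upper()}".encode("ascii")


def derive_key(password: bytes, value_id: int) -> bytes:
    """SHA1(host material || one-byte ID) gives the 20-byte RC4 key for that value.
    ASSUMPTION: the ID is appended as a trailing salt byte."""
    if not 0 <= value_id <= 0xFF:
        raise ValueError("ID must fit in one byte")
    return hashlib.sha1(password + bytes([value_id])).digest()


def decrypt_registry_value(password: bytes, value_id: int, blob: bytes) -> bytes:
    """Decrypt one registry value's data with the key bound to its ID."""
    return rc4(derive_key(password, value_id), blob)


def decrypt_all(password: bytes, values: dict[int, bytes]) -> dict[int, bytes]:
    """Decrypt every (ID -> encrypted value data) pair harvested from the key."""
    return {vid: decrypt_registry_value(password, vid, blob) for vid, blob in values.items()}


# --- Constructed demo: no real Qakbot sample or registry dump is embedded here. ---
# A made-up config is encrypted with the same scheme and then recovered, which is
# exactly what a decryptor does with blobs pulled from the infected host's hive.
DEMO_PASSWORD = host_password("DESKTOP-AB12CD", 0x1A2B3C4D, "alice")
DEMO_CONFIG = {
    0x01: b"10=1641811200\n3=1641811200\n",   # constructed, not a real config layout
    0x07: b"bot_id=constructed-demo\n",
}
DEMO_ENCRYPTED = {vid: rc4(derive_key(DEMO_PASSWORD, vid), pt) for vid, pt in DEMO_CONFIG.items()}


def demo_roundtrip() -> dict[int, bytes]:
    """Decrypt the constructed blobs with the correct host material."""
    return decrypt_all(DEMO_PASSWORD, DEMO_ENCRYPTED)


def demo_wrong_host() -> dict[int, bytes]:
    """Same blobs, different user name: the key is host-bound, so the output is
    noise. This is why the decryptor needs the victim's exact computer name,
    volume serial and account name rather than values from the analyst's box."""
    return decrypt_all(host_password("DESKTOP-AB12CD", 0x1A2B3C4D, "bob"), DEMO_ENCRYPTED)


if __name__ == "__main__":
    for vid, pt in demo_roundtrip().items():
        print(f"ID 0x{vid:02X}: {pt!r}")
```

Because the ID is folded into the key, each registry value under the Qakbot key needs its own derived key, so a decryptor iterates over the values rather than reusing one key for the whole key. The wrong-host function shows the failure mode an analyst will see when the three inputs are taken from the wrong machine: RC4 never errors, it just returns garbage, so checking that the output parses as configuration is the only signal that the inputs were right.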


Some pieces of this posting are sourced from:
thehackernews.com


Copyright © TheCyberSecurity.News, All Rights Reserved.