QBot partners with Egregor ransomware in bot-fueled attacks


Level 85
Thread author
Top poster
Content Creator
Malware Hunter
Aug 17, 2014
The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September.
Qbot, otherwise known as QakBot or QuakBot, is Windows malware that steals bank credentials, Windows domain credentials, and provides remote access to threat actors who install ransomware.
Victims usually become infected with Qbot through phishing emails utilizing Excel documents that pretend to be DocSign documents, [...]
In a new report by Oleg Skulkin, Senior Digital Forensics Analyst at Group-IB. a Singapore-based cybersecurity company, has found that Qbot is has stopped distributing ProLock and is now working with Egregor.

Full report below by researchers:
Last edited: