Markel Picado Ortiz

Last known affiliation: Threatray
Bio: Markel (a.k.a. d00rt) is a cybersecurity researcher focused on malware reverse engineering. He currently works at Threatray as Senior Malware Intelligence Analyst. Previously he worked at antivirus companies such as Panda and Sophos, as well as at other cybersecurity companies such as Hatching, Cylera and Deloitte. His work centres on analysing and reversing banking malware and tracking botnets. He is also an active member of the cyber-security community and from time to time publishes open source tools and malware-related articles, including an Emotet network protocol emulator as well as an Emotet unpacker and config extractor.
Date: 2022-04-29
Qakbot malware family evolution
Markel Picado Ortiz | Carlos Rubio Ricote

The goal of this presentation is to study and analyse the evolution of the code and the capabilities of Qakbot. In particular, we'll identify new features added over time, features that remain stable, and features that are removed over the observation period. The analysis shall also give us insight into how the attacker's goals and tactics have evolved.

All this research is based on the study of the binary code of the Qakbot payload. The presentation shall offer high-level insights accessible to a broader audience, together with explanations at assembly level for a more technically inclined audience. By analysing the binaries distributed by the Qakbot botnets, it is clear how the botnet updates the version of Qakbot it distributes so that the latest version is always running on infected machines.

In the following we outline some preliminary data and findings, which we will develop further towards our presentation.