Microsoft Security Intelligence
Published Feb 25, 2019 | Updated Oct 03, 2025

Trojan:Win32/QuarkBandit.A!dha

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Trojan:Win32/QuarkBandit.A!dha is a detection for a piece of malicious software. Analysis of the malware suggests it is a modified version of a known, available remote access trojan (RAT). It was used against telecommunication providers, but it is capable of targeting any exploitable network service. The modification gives the actor a backdoor, allowing them to carry out multiple malicious actions on the compromised device.

The "!dha" suffix in the detection name indicates that this is a heuristic or behavioral detection. This means that the threat is identified by analyzing suspicious actions and code patterns that resemble known backdoor behaviors, as opposed to matching a unique, identified fingerprint. Heuristic detection is used for new variants of known malware families and for threats that exhibit polymorphism, modifying the code that is visible on the surface and making them hard to detect.

  • Disconnect the infected computer from all networks, including wired, Wi-Fi, and Bluetooth, to prevent further communication with C2 servers and halt data exfiltration. 
  • On a clean, non-infected device, change all passwords, especially for sensitive accounts like email, banking, and social media. Enable multi-factor authentication where possible. 
  • Manually inspect the Windows Task Scheduler for suspicious tasks and the Windows Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run for unknown auto-start entries. 
  • Restart your computer and boot into Safe Mode with Networking to prevent most malware from loading. 
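
The manual inspection of the Run key and Task Scheduler described above can be done in one read-only pass. The following PowerShell is an added example, not Microsoft's own tooling; the helper names `Get-ExePath` and `Get-SignatureStatus` are hypothetical, and using Authenticode status to order the results is an assumption made here for triage.

```powershell
# Added example (read-only): list the auto-start entries from the steps above.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: extract the program path from a command line such as
#   "C:\Dir\app.exe" /flag    or    %windir%\system32\app.exe /flag
function Get-ExePath([string]$CommandLine) {
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($s -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($s -match '^\s*(.+?\.(exe|dll|bat|cmd|ps1|vbs|js))(\s|$)') { return $Matches[1] }
    return ($s.Trim() -split '\s+')[0]
}

# Hypothetical helper: Authenticode status of the target, or 'Unresolved'
# when the path cannot be found on disk (itself worth a look).
function Get-SignatureStatus([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'Unresolved' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

$entries = @()

# 1. Values under the per-user Run key
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        $entries += [pscustomobject]@{
            Source = 'HKCU Run'; Name = $name; Command = $cmd
            Signature = Get-SignatureStatus (Get-ExePath $cmd)
        }
    }
}

# 2. Scheduled tasks whose action launches a program
foreach ($task in Get-ScheduledTask) {
    foreach ($action in ($task.Actions | Where-Object { $_.Execute })) {
        $entries += [pscustomobject]@{
            Source = 'Task ' + $task.TaskPath; Name = $task.TaskName
            Command = ("$($action.Execute) $($action.Arguments)").Trim()
            Signature = Get-SignatureStatus (Get-ExePath $action.Execute)
        }
    }
}

# Entries without a valid signature sort first for manual review
$entries | Sort-Object { $_.Signature -eq 'Valid' }, Source, Name |
    Format-Table Source, Name, Signature, Command -AutoSize -Wrap
```

A `Valid` status only means the target file carries a trusted signature, so the ordering is a starting point for review and each unfamiliar entry still needs to be checked by hand.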

Microsoft Defender Antivirus automatically removes threats as they are detected. However, many infections can leave remnant files and system changes. Updating your antimalware definitions and running a full scan might help address these remnant artifacts. 

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help. 
