Qakbot analysis — Dangerous malware has been around for more than a decade

As part of my work at Vincss, I wrote a detailed analysis about Qakbot.

QakBot (also known as QBot, QuakBot, Pinkslipbot) is one of the famous Banking Trojan with the main task to steal banking credentials, online banking session information, or any other banking data. Although detected by anti-virus software vendors since 2008, but util now it’s still operating and keep continuously maintained by the gangs behind it. Qakbot continuously evolves by applying advance or new techniques to evade detection and avoid reverse analysis, making analysis more difficult. In recent reports, it could be used to drop other malware such as ProLock, Egregor ransomware.

The gangs behind Qakbot are also active in adding more sophisticated techniques for further development and feature expansion. So far, the identities of people behind Qbot are unknown. Hopefully, in the near future, Qakbot will be taken down similar to Emotet.