Qakbot Upgrades to Stealthier Persistence Method
ID: aac96d8d-c0d3-5590-91c4-935b5b2e40e3
STIX ID: report--aac96d8d-c0d3-5590-91c4-935b5b2e40e3
Feed Name: Binary Defense Blog
Qakbot (a versatile banking trojan) has been updated to combine its loader and bot into a single DLL, employ stealthy delivery via Excel 4 macros distributed by spam campaigns, and shift runtime configuration/logging into encrypted registry entries; post-compromise activity includes deploying Cobalt Strike and ransomware families (ProLock, Egregor). The report describes infection flow, evasive persistence (scheduled tasks, dynamic Run key installation on shutdown/resume), low initial AV detection rates, and provides IoCs and a scheduled task example.
