QakBot Stealer from Newly Registered Domains

ID: d0bf73c9-c68a-555c-b26b-30e776bc1ca2

STIX ID: report--d0bf73c9-c68a-555c-b26b-30e776bc1ca2

Feed Name: Zscaler Security Research Blog

Threat Score: 75/100

Date Published: 2025-12-30

Date Updated: 2026-05-01

**Zscaler ThreatLabZ analysis of a QakBot campaign:** This report describes malicious Office documents that use heavily obfuscated VBA macros to download and execute the QakBot infostealer. It outlines the macro decryption routine, persistence mechanisms, AV/VM evasion checks, process injection and scheduled-task-based execution, and provides multiple indicators (MD5s, newly registered domains, and C2 URLs) observed in the campaign.
