Qakbot has been around in one iteration or another since 2008. It’s managed to remain relevant through an ever-evolving set of functionalities useful to threat actors intent on data theft, espionage, digital fraud, and ransomware alike. Most recently, Qakbot was seen as the initial infection in Black Basta ransomware attacks in English-speaking countries throughout the world, demonstrating that this now-14-year-old piece of technology has been keeping itself in shape and maintaining its usefulness, despite doing so in a world where thousands of instances of new malware sprout up every single day.
In this Real Training for Free webcast, you’ll first hear from 4-time Microsoft MVP, Nick Cavalancia, as he provides an overview of Qakbot, including:
- A brief history of Qakbot’s evolution
- Its most common uses within attacks
- Aligning Qakbot with the MITRE ATT&CK Framework to demonstrate how much of an attack it’s really involved in
Up next, we’ll hear from Thomas Elkins, Associate Detection and Response Analyst from Rapid7, as he unpacks Qakbot, giving you a first-hand look at what makes up this prolific malware and how it functions, including:
- A live demonstration of the contents contained within Qakbot’s .ISO file
- An analysis of the packed DLL and unpacking the DLL using hollows_hunter
- An analysis of the unpacked DLL using the Ghidra and IDA disassemblers
- A demonstration of decrypting the strings table and C2 table contained within the resources section
After Thomas, we’ll hear from Stephen Davis, Lead D&R Sales Technical Advisor at Rapid7, who will discuss the importance of XDR as it relates to detecting and remediating malware and ransomware attacks. He'll also show us in real time how detections in the Rapid7 InsightIDR library trigger specifically for Qakbot.
This Real Training for Free session will be chock full of practical, real-world content!