Qakbot Learns Calc

Share This Post

A recent malware campaign reported by Cyble shows evolving phishing methods used to deploy Qakbot malware. The attack uses recently observed methods to perform a DLL side-loading attack, exploiting a vulnerable Windows 7 calculator executable in order to deliver the Qakbot payload.

While the use of .html files and attachments aren’t new to phishing, attackers seem to be having success circumventing security measures using these techniques. Utilizing a password protected .zip file that contains a .iso, attackers are able to trick victims into clicking .lnk files which point to malicious payloads hidden within the .iso images.

In this particular attack, a legitimate (but vulnerable) Windows 7 calc.exe masquerades as a document. When the victim opens this file, a chain of events unfolds in where a malicious .dll is called and ultimately the Qakbot payload is downloaded on the victims machine. Cyble has a very good write up of it, included in the link below.

So what can we do? Ultimately the advice is the same. Educate users not open unexpected attachments and be sure to report anything that looks off. Be sure all endpoint systems are protected and be sure to have network monitoring, and logging in place. Also make sure to develop your Incident Response Plans and Playbooks so you know specifically how to react and contain an incident, using the tools in your environment.



Reach out to our incident response team for help

More To Explore

Information Security News – 6/2/2025

Why Layoffs Increase Cybersecurity Risks Article Link: https://www.helpnetsecurity.com/2025/05/26/layoffs-cybersecurity-risks/ The CISO’s Dilemma: Balancing Access, Security, and Operational Continuity Article Link: https://www.forbes.com/councils/forbestechcouncil/2025/05/27/the-cisos-dilemma-balancing-access-security-and-operational-continuity/ Massive Data Breach Exposes 184

Information Security News – 5/19/2025

Attackers Lace Fake Generative AI Tools With ‘Noodlophile’ Malware Article Link: https://www.darkreading.com/endpoint-security/attackers-fake-generative-ai-tools-malware CISA Reverses Decision on Cybersecurity Advisory Changes Article Link: https://www.infosecurity-magazine.com/news/cisa-reverses-decision-advisory/ FBI Warns That

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.