Security researchers at Microsoft have broken down the attack chain of the Qbot malware into distinct “building blocks,” to help defenders understand and ultimately thwart the various tactics threat actors employ to infiltrate and then deploy the Qbot malware. Qbot is a widespread Windows malware cyber criminals use to steal credentials, propagate to other systems and networks, and provide remote access to ransomware groups. Qbot usually spreads via phishing campaigns or by another malware infection.

The Microsoft researchers note that due to Qbot’s modular nature, Qbot infections could look different on each compromised device. Nevertheless, every Qbot attack begins with the delivery mechanism, usually via email, followed by the Macro attachment to deliver the Qbot payload. The macro attachment can be a hyperlink, attachment, or an embedded image. Qbot is usually downloaded as an executable and has the ability to survive reboots to maintain persistence. Qbot is often observed dropping additional malware, including ransomware. Read more at BleepingComputer or access the original report at Microsoft.