Twitch live stream VOD. We build a static config extractor for Qakbot / Qbot malware using Python. In this stream we complete building out the C++ structs for the malware, identify how the config is stored, and replicate the config decryption in Python.

Sample available on Malshare:

670e990631c0b98ccdd7701c2136f0cb8863a308b07abd0d64480c8a2412bde4

Lab Notes - includes static config extractor:

Qakbot Analysis

I have also uploaded an IDC script that you can run in IDA to replicate the structs and labels that we built during our stream. It is attached to this post. 

Files

Live Stream VOD: Qakbot Config Extractor
