Control Panel Executable Abused For QakBot Infection
QakBot campaign modifies deployment tactics and aims to exploit a DLL hijacking technique that abuses the Windows 10, or later, control panel executable file.
The malware arrives via phishing campaign with an HTML attachment, once executed the attachment presents the recipient with a fake Google Drive page that auto downloads a password protected archive file and kindly displays the password for the archive.
The archive contains four files which are used to launch the Control panel, side load the QakBot loader and finally infect the system with the QakBot malware.
Post infection QakBot will run in the background and obtain other payloads such as Brute Ratel and Cobalt Strike when instructed by the C2.
Featured Resources
View More Resources
blog
Exposure Validation: Continuous Testing Should Drive Continuous Improvement
What’s your end goal? How exactly does this security project make you more secure? Like any technology initiative, those two
Report
2026 Gartner® Market Guide for Adversarial Exposure Validation
The guide covers AEV use cases, key features, and market trends to improve threat exposure visibility and defenses.
blog
Security Spent a Decade Finding More. It Should Have Been Proving More.
Here's an uncomfortable truth most security leaders already suspect but rarely say out loud: Your organization has invested millions in security tools, and