Researchers have examined the new techniques that a decade old banking Trojan called Qbot (aka Qakbot and Pinkslipbot) is exhibiting. The malware is capable of stealing information such as passwords, emails, credit card information, and more. It can also be used as a downloader for other malware, including ransomware packages. Commands from the bot controller can cause Qbot, on the infected system, to connect and make financial transactions with the victim’s credentials. Additionally, Qbot can use stolen emails to send replies to other potential victims, making such replies appear legitimate. observed an Emotet campaign that dropped a newer copy of Qbot on victims’ systems. August saw a new malspam campaign distributing Qbot. The majority of the victims in this campaign resided in the US and Europe, with government, military, and manufacturing industries being the most targeted. The infection vector is an email, possibly an email thread stolen from a previous victim, with a malicious attachment or URL. A Visual Basic Script (VBS) stored in a malicious archive is used to start the infection process. Using VBS as a standalone script is relatively new (since April 2020) for malware. Normally, VBS is used as the macro in a weaponized Word document for installation. The VBS file is padded with NULL bytes to make it larger than 35 megabytes, a figure most sandboxes ignore. Once activated, the script sleeps for a period of time, also in an attempt to bypass sandbox environments. Obfuscation is used, as well as a number of anti-virtual machine and anti-debugging techniques, to avoid detection. Persistence is gained through registry keys and a scheduled task.