Qbot, AKA Qakbot, has been around for at least 2008, but it recently experienced a large surge in development and deployments. Qbot primarily targets sensitive information like banking credentials. The packers strings and code blocks are randomized in ways that make it difficult to create a detection signature. We analyzed 618 packed samples, which unpacked to 73 unique samples. We terminate the process before the unpacked code runs, so the VM shouldnt need to be reverted between samples. The compression appears to be custom, but is similar to LZSS with offset-length pairs pointing to bytes in the data.”]
Source: https://blog.talosintelligence.com/2016/04/qbot-on-the-rise.html