
Qbot is Back.Connect

· Published 22/01/2025 09:11 · Modified 22/01/2025 09:46

Essential information

Tags
2025-01-22 qakbot qbot quackbot
Related entities
1 intrusion sets (apt), 10 techniques (mitre), 6 malware

Description

Qbot, an information stealer active since 2007, has re-emerged after a law enforcement disruption in May 2024. New research reveals connections between Qbot, Zloader, and BlackBasta ransomware. A new backConnect malware, likely developed by Qbot operators, uses DLL side-loading techniques and RC4 encryption. The malware checks for running copies of itself, uses registry keys for configuration, and communicates system information to its command and control server. Analysis of related files suggests potential use in future ransomware attacks. The report provides IOCs and a YARA rule for detection.

External references