Overview

overview

8

Static

static

8

rqbuzf.exe

windows7_x64

6

rqbuzf.exe

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rqbuzf.exe

  • Size

    97KB

  • Sample

    210302-fsn2amprhs

  • MD5

    48f14cbe45af64abc5460226a4b94280

  • SHA1

    cc2f56067aeb1cd04c5b0bfcee95bf5931cbdfec

  • SHA256

    d34931b2764f633caafc746674f4a38f7b159f5a89f341ea430cc7b6f13a5d54

  • SHA512

    4087acd3d5de0842dfc26621ec8b3c45d5808f53ff5f827ffc26ec797188929bcb69098f9433fda3ca1049d606bd1ca584d20f61dd221372cab439fd0d9ce505

Score
8/10
persistenceupx

Malware Config

Targets

    • Target

      rqbuzf.exe

    • Size

      97KB

    • MD5

      48f14cbe45af64abc5460226a4b94280

    • SHA1

      cc2f56067aeb1cd04c5b0bfcee95bf5931cbdfec

    • SHA256

      d34931b2764f633caafc746674f4a38f7b159f5a89f341ea430cc7b6f13a5d54

    • SHA512

      4087acd3d5de0842dfc26621ec8b3c45d5808f53ff5f827ffc26ec797188929bcb69098f9433fda3ca1049d606bd1ca584d20f61dd221372cab439fd0d9ce505

    Score
    6/10
    persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks