Overview

overview

10

Static

static

3

qbittorren...up.exe

windows7-x64

10

qbittorren...up.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    qbittorrent_4.5.3_x64_setup.exe

  • Size

    31.5MB

  • Sample

    230606-ha3wlach3t

  • MD5

    59950b6d52726702f8f868aa8492dc71

  • SHA1

    1ca7caf1192d0a4be0eb9cf8be44b79f2d08958d

  • SHA256

    99b0fce9fcf8f384b435f4d685536ff2e4150224ef0391c581588ba55e75a138

  • SHA512

    b5bf7c9e1a8f441cf101b6c3094cafc80c3649df5135acd531471c02e9bcb598b8b481d99a61ae333e45f73be29b54fa0b7766d9b9eb138a2e046f147ddbae90

  • SSDEEP

    786432:rfmX+yD1AXaUxBBeKus4SoaHC36aEDjb1fYNX:rfy+yBAVBIKu/+iqaAJQNX

Score
10/10
bazarloaderdiscoverydropperloader

Malware Config

Targets

    • Target

      qbittorrent_4.5.3_x64_setup.exe

    • Size

      31.5MB

    • MD5

      59950b6d52726702f8f868aa8492dc71

    • SHA1

      1ca7caf1192d0a4be0eb9cf8be44b79f2d08958d

    • SHA256

      99b0fce9fcf8f384b435f4d685536ff2e4150224ef0391c581588ba55e75a138

    • SHA512

      b5bf7c9e1a8f441cf101b6c3094cafc80c3649df5135acd531471c02e9bcb598b8b481d99a61ae333e45f73be29b54fa0b7766d9b9eb138a2e046f147ddbae90

    • SSDEEP

      786432:rfmX+yD1AXaUxBBeKus4SoaHC36aEDjb1fYNX:rfy+yBAVBIKu/+iqaAJQNX

    Score
    10/10
    bazarloaderdiscoverydropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks