General
-
Target
qbittorrent_4.5.3_x64_setup.exe
-
Size
31.5MB
-
Sample
230609-q8tpkscc56
-
MD5
59950b6d52726702f8f868aa8492dc71
-
SHA1
1ca7caf1192d0a4be0eb9cf8be44b79f2d08958d
-
SHA256
99b0fce9fcf8f384b435f4d685536ff2e4150224ef0391c581588ba55e75a138
-
SHA512
b5bf7c9e1a8f441cf101b6c3094cafc80c3649df5135acd531471c02e9bcb598b8b481d99a61ae333e45f73be29b54fa0b7766d9b9eb138a2e046f147ddbae90
-
SSDEEP
786432:rfmX+yD1AXaUxBBeKus4SoaHC36aEDjb1fYNX:rfy+yBAVBIKu/+iqaAJQNX
Malware Config
Targets
-
-
Target
qbittorrent_4.5.3_x64_setup.exe
-
Size
31.5MB
-
MD5
59950b6d52726702f8f868aa8492dc71
-
SHA1
1ca7caf1192d0a4be0eb9cf8be44b79f2d08958d
-
SHA256
99b0fce9fcf8f384b435f4d685536ff2e4150224ef0391c581588ba55e75a138
-
SHA512
b5bf7c9e1a8f441cf101b6c3094cafc80c3649df5135acd531471c02e9bcb598b8b481d99a61ae333e45f73be29b54fa0b7766d9b9eb138a2e046f147ddbae90
-
SSDEEP
786432:rfmX+yD1AXaUxBBeKus4SoaHC36aEDjb1fYNX:rfy+yBAVBIKu/+iqaAJQNX
Score10/10-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
-
Bazar/Team9 Loader payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-