General

  • Target

    qbittorrent_4.5.4_x64_setup.exe

  • Size

    31.3MB

  • Sample

    230618-w68zdaha39

  • MD5

    6e35e4512488a44ebf34bff82dc4724f

  • SHA1

    38903134b1a0a774cdcf728d3484493e7d83592a

  • SHA256

    3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

  • SHA512

    a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

  • SSDEEP

    786432:rVrG7dnL27saKvlVIbS7ykgixD9ZLstXfL:rVrsdn0sa8IbShgiVXLstXT

Malware Config

Targets

    • Target

      qbittorrent_4.5.4_x64_setup.exe

    • Size

      31.3MB

    • MD5

      6e35e4512488a44ebf34bff82dc4724f

    • SHA1

      38903134b1a0a774cdcf728d3484493e7d83592a

    • SHA256

      3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

    • SHA512

      a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

    • SSDEEP

      786432:rVrG7dnL27saKvlVIbS7ykgixD9ZLstXfL:rVrsdn0sa8IbShgiVXLstXT

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks