Overview

overview

10

Static

static

3

qbittorren...up.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    qbittorrent_4.5.4_x64_setup.exe

  • Size

    31.3MB

  • Sample

    230620-29vttaeg46

  • MD5

    6e35e4512488a44ebf34bff82dc4724f

  • SHA1

    38903134b1a0a774cdcf728d3484493e7d83592a

  • SHA256

    3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

  • SHA512

    a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

  • SSDEEP

    786432:rVrG7dnL27saKvlVIbS7ykgixD9ZLstXfL:rVrsdn0sa8IbShgiVXLstXT

Score
10/10
bazarloaderdiscoverydropperloader

Malware Config

Targets

    • Target

      qbittorrent_4.5.4_x64_setup.exe

    • Size

      31.3MB

    • MD5

      6e35e4512488a44ebf34bff82dc4724f

    • SHA1

      38903134b1a0a774cdcf728d3484493e7d83592a

    • SHA256

      3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

    • SHA512

      a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

    • SSDEEP

      786432:rVrG7dnL27saKvlVIbS7ykgixD9ZLstXfL:rVrsdn0sa8IbShgiVXLstXT

    Score
    10/10
    bazarloaderdiscoverydropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks