General

  • Target

    809774c6a45ff93cd2e6588a8504008f329376166bdfca9685726dc316842961.zip.zip

  • Size

    2.3MB

  • Sample

    231107-rnsgfsha41

  • MD5

    78da90c83c8bd7d0486c9c8d2d6e8484

  • SHA1

    c39291a5b24fb90a2f730bc1378733d79727fa88

  • SHA256

    af345cbcd20d7ae664d369ca78acb95f0768b4b5c5c036a6a4a55ae09059ea79

  • SHA512

    ce6092f9d45b81367d1b5106be4a57a6f12070a8d51c4c95989e70e1a4c987ac23341cd5e69dee2eaddf194775dcd12e2cbc31e01c1d590a32721cfffa948673

  • SSDEEP

    49152:TGYy6SJIW7pqWLQY7BwsBC8+HTKnsvwtRsEpYEoyj1GAk0gGXAo0YRA:TGYOb7ppsY7B5M8+HTKnsvwtR1OEha0A

Score
10/10

Malware Config

Extracted

  Language: ps1
  Source
  URLs:
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/3rdparty/Qt3DStudio-3rdparty-win64-CI.zip

Extracted

  Language: ps1
  Source
  URLs:
    exe.dropper  https://storage.googleapis.com/webassembly/emscripten-releases-builds
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/emsdk

Extracted

  Language: ps1
  Source
  URLs:
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/windows/dotnet-sdk-2.1.809-win-x64.exe
    exe.dropper  https://download.visualstudio.microsoft.com/download/pr/c980b6fb-e570-4c73-b344-e4dae6573777/f844ac1a4c6ea5de7227a701786126fd/dotnet-sdk-2.1.809-win-x64.exe
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/windows/dotnet-sdk-2.1.809-win-x86.exe
    exe.dropper  https://download.visualstudio.microsoft.com/download/pr/cf86a2f3-f6b2-4959-8e41-cf84b0d2f294/a61e834f56abe2dc2e12599e1a60c10b/dotnet-sdk-2.1.809-win-x86.exe

Extracted

  Language: ps1
  Deobfuscated
  URLs:
    ps1.dropper  http://proxy.intra.qt.io

Extracted

  Language: ps1
  Source
  URLs:
    exe.dropper  https://download.visualstudio.microsoft.com/download/pr/e8bc3741-cb70-42aa-9b4e-2bd497de85dd/74b4e599138d5b5824d87ee657b78cbdeb3716f58a9645047e53bb5f68131516/vs_Professional.exe
    exe.dropper  https://download.visualstudio.microsoft.com/download/pr/e8bc3741-cb70-42aa-9b4e-2bd497de85dd/f3713de3e01b7829d529f67d6240116b73cc0743974bb5373a052f9629cc24d2/vs_BuildTools.exe

Extracted

  Language: ps1
  Deobfuscated
  URLs:
    exe.dropper  https://download.microsoft.com/download/9/3/F/93FCF1E7-E6A4-478B-96E7-D4B285925B00/vc_redist.x64.exe
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/windows/vc_redist.x64.exe
    exe.dropper  https://download.microsoft.com/download/9/3/F/93FCF1E7-E6A4-478B-96E7-D4B285925B00/vc_redist.x86.exe
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/windows/vc_redist.x86.exe

Extracted

  Language: ps1
  Source
  URLs:
    exe.dropper  https://download.microsoft.com/download/8/C/3/8C37C5CE-C6B9-4CC8-8B5F-149A9C976035/windowssdk/winsdksetup.exe

Extracted

  Language: ps1
  Source
  URLs:
    exe.dropper  http://download.qt.io/development_releases/prebuilt/winrtrunner/winrtrunner_2018-07-06.zip

Extracted

  Language: ps1
  Deobfuscated
  URLs:
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/semisecure/sign/sign.zip

Extracted

  Language: ps1
  Source
  URLs:
    exe.dropper  http://ci-files01-hki.intra.qt.io/input/qnx/qnx700-20210323-windows.7z
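The "Extracted" blocks above are the download URLs the sandbox pulled out of the provisioning scripts under coin/pre-provisioning. Before treating them as dropper infrastructure, a reviewer wants to know which hosts they point at, how many installers are fetched over cleartext HTTP (no transport integrity, so the script must verify a hash or signature afterwards), and which installer names exist both on the internal mirror and at a vendor origin. The script below is an added example written for this report; it is not sandbox output and not the Qt project's own code. The URL list is copied from the blocks above; the rule that any host under .intra.qt.io is the CI's internal mirror, and the list of payload extensions, are assumptions of the example.

```python
"""Audit the download URLs a sandbox extracted from the Qt CI provisioning
scripts.  Added example for this report, not sandbox output and not the Qt
project's own code.  The URL list is copied from the report; the internal-host
suffix and the payload extensions are assumptions of this example."""
from collections import Counter, defaultdict
from posixpath import basename
from urllib.parse import urlparse

# Copied from the report's "Extracted" blocks, one entry per dropper line.
EXTRACTED_URLS = [
    "http://ci-files01-hki.intra.qt.io/input/3rdparty/Qt3DStudio-3rdparty-win64-CI.zip",
    "https://storage.googleapis.com/webassembly/emscripten-releases-builds",
    "http://ci-files01-hki.intra.qt.io/input/emsdk",
    "http://ci-files01-hki.intra.qt.io/input/windows/dotnet-sdk-2.1.809-win-x64.exe",
    "https://download.visualstudio.microsoft.com/download/pr/c980b6fb-e570-4c73-b344-e4dae6573777/f844ac1a4c6ea5de7227a701786126fd/dotnet-sdk-2.1.809-win-x64.exe",
    "http://ci-files01-hki.intra.qt.io/input/windows/dotnet-sdk-2.1.809-win-x86.exe",
    "https://download.visualstudio.microsoft.com/download/pr/cf86a2f3-f6b2-4959-8e41-cf84b0d2f294/a61e834f56abe2dc2e12599e1a60c10b/dotnet-sdk-2.1.809-win-x86.exe",
    "http://proxy.intra.qt.io",
    "https://download.visualstudio.microsoft.com/download/pr/e8bc3741-cb70-42aa-9b4e-2bd497de85dd/74b4e599138d5b5824d87ee657b78cbdeb3716f58a9645047e53bb5f68131516/vs_Professional.exe",
    "https://download.visualstudio.microsoft.com/download/pr/e8bc3741-cb70-42aa-9b4e-2bd497de85dd/f3713de3e01b7829d529f67d6240116b73cc0743974bb5373a052f9629cc24d2/vs_BuildTools.exe",
    "https://download.microsoft.com/download/9/3/F/93FCF1E7-E6A4-478B-96E7-D4B285925B00/vc_redist.x64.exe",
    "http://ci-files01-hki.intra.qt.io/input/windows/vc_redist.x64.exe",
    "https://download.microsoft.com/download/9/3/F/93FCF1E7-E6A4-478B-96E7-D4B285925B00/vc_redist.x86.exe",
    "http://ci-files01-hki.intra.qt.io/input/windows/vc_redist.x86.exe",
    "https://download.microsoft.com/download/8/C/3/8C37C5CE-C6B9-4CC8-8B5F-149A9C976035/windowssdk/winsdksetup.exe",
    "http://download.qt.io/development_releases/prebuilt/winrtrunner/winrtrunner_2018-07-06.zip",
    "http://ci-files01-hki.intra.qt.io/input/semisecure/sign/sign.zip",
    "http://ci-files01-hki.intra.qt.io/input/qnx/qnx700-20210323-windows.7z",
]

# Assumption: every host under *.intra.qt.io is the CI's internal mirror.
INTERNAL_SUFFIXES = (".intra.qt.io",)
# Assumption: these extensions are the installers and archives worth tracking.
PAYLOAD_EXTS = (".exe", ".msi", ".zip", ".7z")


def classify(url):
    """Describe one URL: host, internal/public, cleartext or not, payload type."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    ext = next((e for e in PAYLOAD_EXTS if path.endswith(e)), None)
    return {
        "url": url,
        "host": host,
        "name": basename(path),
        "internal": host.endswith(INTERNAL_SUFFIXES),
        "cleartext": parts.scheme == "http",
        "ext": ext,
    }


def mirrored_names(rows):
    """Payload file names served from more than one host, e.g. an internal
    mirror copy next to the vendor origin."""
    hosts_by_name = defaultdict(set)
    for r in rows:
        if r["ext"]:
            hosts_by_name[r["name"]].add(r["host"])
    return sorted(n for n, h in hosts_by_name.items() if len(h) > 1)


def audit(urls):
    """Return per-URL rows and the counts a reviewer wants at a glance."""
    rows = [classify(u) for u in urls]
    summary = {
        "total": len(rows),
        "internal": sum(r["internal"] for r in rows),
        "public": sum(not r["internal"] for r in rows),
        # .exe fetched over plain HTTP: the transport gives no integrity, so
        # the script must check a hash or Authenticode signature afterwards.
        "cleartext_exe": sum(r["cleartext"] and r["ext"] == ".exe" for r in rows),
        # Plain HTTP to a host that is not the internal mirror.
        "cleartext_public": sum(r["cleartext"] and not r["internal"] for r in rows),
        "hosts": Counter(r["host"] for r in rows),
        "mirrored": mirrored_names(rows),
    }
    return rows, summary


if __name__ == "__main__":
    rows, summary = audit(EXTRACTED_URLS)
    for r in rows:
        flags = []
        if r["cleartext"] and r["ext"]:
            flags.append("CLEARTEXT")
        if r["internal"]:
            flags.append("internal")
        print(f"{r['host']:40} {r['name'] or '-':40} {' '.join(flags)}")
    print()
    for key in ("total", "internal", "public", "cleartext_exe", "cleartext_public"):
        print(f"{key:17} {summary[key]}")
    print("mirrored          " + ", ".join(summary["mirrored"]))
```

Run on the list above, the audit splits the 18 URLs evenly between the internal mirror and public hosts, reports four .exe installers fetched over plain HTTP (all from the internal mirror) and one cleartext public fetch (the winrtrunner archive from download.qt.io), and lists the four installer names that exist both on the mirror and at their Microsoft origin. Which of those fetches are followed by a hash or signature check is something the sandbox report cannot tell you; that has to be read from the scripts themselves.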

Targets

    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-defragment.ps1

    • Size

      3KB

    • MD5

      e620cb29b470b5afd66b15a4c4d17c80

    • SHA1

      ee944a4a6fff8e044e33074af3b2d16ea1a0075e

    • SHA256

      255afab9d2b0490d3d858cb73b682001e98f9a68c51a1bd72150ff9474f7a6db

    • SHA512

      ee16ee4cc4097f5c84e6ceb73986dc5c08754ce0838caa71bf3d578d82adecad3b44f0b6185c8ac8d0035f5e1ac0616b9b04b2903d169ebca0925d0d9f48fac8

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-ntp.ps1

    • Size

      155B

    • MD5

      00e60bc032e422dcabc1ea902a27f385

    • SHA1

      51714c5a0fc42dc9de64991a55803673b1aad3a5

    • SHA256

      68f8bded8417b396484a04b7d23fc36c0040b1fa5826912b76d665852e400921

    • SHA512

      6d96798857fefe4d267a1f9acf113914e0890ae8d62b7fe5875b98df18cb9e7a532abbb4c2fa6affbf20261ce91c5de8e161bde1f0ef0a70c81c5dfa7ca95ab8

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-schedule-tasks.ps1

    • Size

      4KB

    • MD5

      71f328e2dc852d557e3631dd441a97e1

    • SHA1

      a533bc9e7fff737c3cf8eb2db85f83565dca7c9a

    • SHA256

      ae9cc621f0c4b08995f0be69832dfb497919b1d2d78f414d3819e2f1577583c3

    • SHA512

      25d78253d5f8c220b7bf76bb268e1cf1c6910c3c6af5cf1455d03c4df2c1d71c994d371b30fa44526bc6e2850c367bc7b8d1654fe5eecac1cd4378f2963541c7

    • SSDEEP

      96:7fpWFfOCHJn1DYjICaJGI9e/iLO/ug02jqZd6NdmnEZ2KV+:rUJJ+jIdL9el0/Zd6qn02M+

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-update-orchestrator.ps1

    • Size

      546B

    • MD5

      ec6290ac03410784799f213cb8a7d221

    • SHA1

      ee4387bd1e11134fb2cf2e885bc0c5b52a4e1983

    • SHA256

      6b267c143b587c7a93c590486a398d03653995427af3a8db29a3b83941d8e364

    • SHA512

      3467389bd984b3dfb4270d8b33d88c4421fc8cadabec4af4f4d65be8edc442b30c5aaa4a52f542fb4b4d4dc06479cd1aa1776f354a15c8b4893f5d6c7b92f0cb

    Score
    8/10
    • Possible privilege escalation attempt

    • Modifies file permissions

    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-windefender.ps1

    • Size

      2KB

    • MD5

      7de95a6a2ecb07fa27264831da8f201f

    • SHA1

      131dd6bc965511e81cd369ad9b22e6ce0f747555

    • SHA256

      33d4fbf7c7136837f3c2eb50474c902a9913a0820f86960da81ae68307b9c4b4

    • SHA512

      38be80f536233715cc5f65473c117142cc635c2831c48df5b154972d456d75d684e1e995e6ac9e1569a63d47f6ca24bb5944839b547af80ea9218166e798cdc5

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-windows-file-protector.ps1

    • Size

      289B

    • MD5

      235b2291aa55cdc0d3d5dbca73d86581

    • SHA1

      c20abe7c86d1f99cb08c486d468735a9bb711494

    • SHA256

      7bb5aedc6c632de0ea6a7c632c22bc7e467d06edf9d90e37624b45e1aa38c370

    • SHA512

      57dbe5cd267477ebdfb3cfb5d5fbc25da7cda5ae767b0bb19000f0e667983b80a5216fcabd0dac8aabc2f709bb61bdd5314c5038397e4372408171f3e15799d4

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-windows-update-medic.ps1

    • Size

      840B

    • MD5

      21b5b12b7866e108f38d380a37d7872a

    • SHA1

      a69f415f78312d8fce22204b002cfb8c41496f94

    • SHA256

      57d48038a54e6ae552652751d147ca7d859894f08970513b82a78612e0be727d

    • SHA512

      759560aadc62fd6be4278b9d866dfb738294f6aa5676278e03c074058acca92db6370ff670a85873408a2d4505b6b1173ad0efaf47669946bb55ef341d053636

    Score
    8/10
    • Possible privilege escalation attempt

    • Modifies file permissions

    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86/disable-windows-updates.ps1

    • Size

      2KB

    • MD5

      6aeb806b71867479149f3a07a753a151

    • SHA1

      8a6673819312a8c065009e455ce226ca494a8185

    • SHA256

      bed2f130a7c7bd7e26f5a28378d7a3fd016cfa7c087a986a08d8553736e933ca

    • SHA512

      cfaa7ef833f46596927ecba18df3d220506b4ad168fdfc844962126845b60c9ec0f5c87dd082d6d0cc299d6a480952f18791c092e13b5aa874a6839b1f53f37e

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/01-enable-dotnet-framework.ps1

    • Size

      654B

    • MD5

      0cfedd5846e40dfb1185635b3d480c93

    • SHA1

      c409d50c8a763d008641dc7364a3e8a95881bccb

    • SHA256

      546296bb5fc95fb4ff235f52103ef6718a169132a8d50d5e67870d7ddff97fc9

    • SHA512

      f853e0b65eb4ed1f2da7d321b29bf85b2b2c73b2873721094ffdf76b08cd9cb300f6233e409fce5ac1a677537fa70a48e46c7bb5ea9ade983f3c5a9e7634cc9c

    Score
    7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-clean-manager.ps1

    • Size

      446B

    • MD5

      2a0b01b12a8a9b4d37f57105afa1c6f1

    • SHA1

      4e435bfdd6a02da0d48f2d4f0978186e0d135e90

    • SHA256

      58e6f37ccb48fbece32ad68746a3db2d1982b18e701856f25f64cbdafe2a8293

    • SHA512

      e3d3ac72c04be3d931686581806903c527d3439da3fa73c453702656381caf27fc58defc5abb97f70015ca246a0f878c633cd177f09a34e565898e7ed00b1390

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-defragment.ps1

    • Size

      3KB

    • MD5

      e620cb29b470b5afd66b15a4c4d17c80

    • SHA1

      ee944a4a6fff8e044e33074af3b2d16ea1a0075e

    • SHA256

      255afab9d2b0490d3d858cb73b682001e98f9a68c51a1bd72150ff9474f7a6db

    • SHA512

      ee16ee4cc4097f5c84e6ceb73986dc5c08754ce0838caa71bf3d578d82adecad3b44f0b6185c8ac8d0035f5e1ac0616b9b04b2903d169ebca0925d0d9f48fac8

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-ntp.ps1

    • Size

      155B

    • MD5

      00e60bc032e422dcabc1ea902a27f385

    • SHA1

      51714c5a0fc42dc9de64991a55803673b1aad3a5

    • SHA256

      68f8bded8417b396484a04b7d23fc36c0040b1fa5826912b76d665852e400921

    • SHA512

      6d96798857fefe4d267a1f9acf113914e0890ae8d62b7fe5875b98df18cb9e7a532abbb4c2fa6affbf20261ce91c5de8e161bde1f0ef0a70c81c5dfa7ca95ab8

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-schedule-tasks.ps1

    • Size

      4KB

    • MD5

      71f328e2dc852d557e3631dd441a97e1

    • SHA1

      a533bc9e7fff737c3cf8eb2db85f83565dca7c9a

    • SHA256

      ae9cc621f0c4b08995f0be69832dfb497919b1d2d78f414d3819e2f1577583c3

    • SHA512

      25d78253d5f8c220b7bf76bb268e1cf1c6910c3c6af5cf1455d03c4df2c1d71c994d371b30fa44526bc6e2850c367bc7b8d1654fe5eecac1cd4378f2963541c7

    • SSDEEP

      96:7fpWFfOCHJn1DYjICaJGI9e/iLO/ug02jqZd6NdmnEZ2KV+:rUJJ+jIdL9el0/Zd6qn02M+

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-update-orchestrator.ps1

    • Size

      457B

    • MD5

      19b8aa97af51ecf9246b9ea1a0eadca7

    • SHA1

      9a774e46ad65ddf145e6543e58a981e9dff4141c

    • SHA256

      196dc7d476f7338c7f086143990c5ed4c7d72be32f121bb502bf08beb0ecd71e

    • SHA512

      190643261a1d7498fa27ca185ac786887159ba412796c920c34b25b7dc1107dfbe2f7fcd358290c077f89dea1825f38b7118b9fa95d1be782314347fab2c9cfa

    Score
    8/10
    • Possible privilege escalation attempt

    • Modifies file permissions

    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-windefender.ps1

    • Size

      2KB

    • MD5

      950e7b5d1ae00425079c0a631537fee5

    • SHA1

      560e8545c919c19311a5930688485c7ce0e6ea4b

    • SHA256

      23e634835699cc7a33ddcab7c095b93142f9fe201d6b0a08936f07df63e9ea35

    • SHA512

      ecd11b6d1d217718514168d0b76461fb233b00fd6fd4b9f81656d40ab8f001ca4f4e62b86df73e69a759b0d2f0b575872564847bcf8a093f3f830d77e076c696

    Score
    1/10
    • Target

      tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-windows-file-protector.ps1

    • Size

      289B

    • MD5

      235b2291aa55cdc0d3d5dbca73d86581

    • SHA1

      c20abe7c86d1f99cb08c486d468735a9bb711494

    • SHA256

      7bb5aedc6c632de0ea6a7c632c22bc7e467d06edf9d90e37624b45e1aa38c370

    • SHA512

      57dbe5cd267477ebdfb3cfb5d5fbc25da7cda5ae767b0bb19000f0e667983b80a5216fcabd0dac8aabc2f709bb61bdd5314c5038397e4372408171f3e15799d4

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

discovery, exploit
Score
8/10

behavioral8

discovery, exploit
Score
8/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery, exploit
Score
8/10

behavioral14

discovery, exploit
Score
8/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
7/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

discovery, exploit
Score
8/10

behavioral28

discovery, exploit
Score
8/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10