General

  • Target

    Qik.msi

  • Size

    1.1MB

  • Sample

    231206-1smansfghq

  • MD5

    b60d637cf678d40c3fa4c21651022f20

  • SHA1

    6110eec0e122e3ac04aafdf2a5ad771c21aa96b8

  • SHA256

    a63ed57ec78355dbb8bef93def3263b45d6dd96e5ce6bb727f285e8f1d9a6b26

  • SHA512

    be0be0c970dd04f84e2f5afbe3d04d2bda3602c87bbbb09016465b1fca531b2aa529f66d50ebb31b745b0362cda0431c36111b63f274d3a863aed13d45edc144

  • SSDEEP

    24576:W5enUeiNpNj32PsQ67IzRNYZcE++dQoDvgW/MI2crW6m:Imi3NjGbMmhUtDD/MdcrW6m

Score
8/10

Malware Config

Targets

    • Dave packer

      Detects an executable packed with the packer the community calls 'Dave', based on a string at the end of the file.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery

    • Query Registry (T1012): 3

    • System Information Discovery (T1082): 4

    • Peripheral Device Discovery (T1120): 2

Tasks