Overview

overview

10

Static

static

10

qbittorren...up.exe

windows7-x64

7

qbittorren...up.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

6

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...lW.dll

windows7-x64

3

$PLUGINSDI...lW.dll

windows10-2004-x64

3

qbittorrent.exe

windows7-x64

1

qbittorrent.exe

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...lW.dll

windows7-x64

3

$PLUGINSDI...lW.dll

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    qbittorrent_4.5.4_x64_setup.exe

  • Size

    31.3MB

  • Sample

    240221-ws3v7sch8w

  • MD5

    6e35e4512488a44ebf34bff82dc4724f

  • SHA1

    38903134b1a0a774cdcf728d3484493e7d83592a

  • SHA256

    3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

  • SHA512

    a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

  • SSDEEP

    786432:rVrG7dnL27saKvlVIbS7ykgixD9ZLstXfL:rVrsdn0sa8IbShgiVXLstXT

Score
10/10
bazarloader

Malware Config

Targets

    • Target

      qbittorrent_4.5.4_x64_setup.exe

    • Size

      31.3MB

    • MD5

      6e35e4512488a44ebf34bff82dc4724f

    • SHA1

      38903134b1a0a774cdcf728d3484493e7d83592a

    • SHA256

      3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

    • SHA512

      a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e

    • SSDEEP

      786432:rVrG7dnL27saKvlVIbS7ykgixD9ZLstXfL:rVrsdn0sa8IbShgiVXLstXT

    Score
    7/10

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      b4faf654de4284a89eaf7d073e4e1e63

    • SHA1

      8efcfd1ca648e942cbffd27af429784b7fcf514b

    • SHA256

      c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

    • SHA512

      eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

    Score
    3/10
    behavioral3behavioral4

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      68b287f4067ba013e34a1339afdb1ea8

    • SHA1

      45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    • SHA256

      18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    • SHA512

      06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    • SSDEEP

      48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L

    Score
    3/10
    behavioral5behavioral6

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    6/10

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral7behavioral8

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    behavioral10behavioral9

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      6c3f8c94d0727894d706940a8a980543

    • SHA1

      0d1bcad901be377f38d579aafc0c41c0ef8dcefd

    • SHA256

      56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

    • SHA512

      2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

    • SSDEEP

      96:o0svUu3Uy+sytcS8176b+XR8pCHFcMcxSgB5PKtAtgt+Nt+rnt3DVEB3YcNqkzfS:o0svWyNO81b8pCHFcM0PuAgkOyuIFc

    Score
    3/10
    behavioral11behavioral12

    • Target

      $PLUGINSDIR/nsisFirewallW.dll

    • Size

      8KB

    • MD5

      f5bf81a102de52a4add21b8a367e54e0

    • SHA1

      cf1e76ffe4a3ecd4dad453112afd33624f16751c

    • SHA256

      53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

    • SHA512

      6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

    • SSDEEP

      96:8SMPv+eLDUDp+weLv2lstU+0IgNB2Aa20kdArfOwJKbFrMiRsuHdRYL:wnxLDUwp6sgN2RDrzJMMmsuYL

    Score
    3/10
    behavioral13behavioral14

    • Target

      qbittorrent.exe

    • Size

      28.5MB

    • MD5

      299af9fcfb3067e8f5f64f0866c8fe33

    • SHA1

      5244f3c95dbee3c29c4171899a1a158087419f59

    • SHA256

      aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

    • SHA512

      35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

    • SSDEEP

      393216:RkIcS07+VMtn8jqbXRWspXwqBuoCef5RH/Z8TKJsv6tWKFdu9CeCbF:RkIkSW9XwquopH/ZuIF

    Score
    1/10
    behavioral15behavioral16

    • Target

      uninst.exe

    • Size

      140KB

    • MD5

      91069149dbc3b622415e8526caaed735

    • SHA1

      8487fb850aabff16ab683b707cbcce4c69220d99

    • SHA256

      09d1cc6f80cfa7d019365ca50de6dc78adcae147ebf061ae381e0304c3891f13

    • SHA512

      c7cb0efe1256d4888d183740419f0f849fb8634ef1892791ac2bd25ad5b021e1ed3efeaad5616940926c4221d8312d781318e1e6addd6f1092b593ab42716f4f

    • SSDEEP

      3072:gfY/TU9fE9PEturceAmpgcfpGmhStrEr04oDmcWEF5lWinUM:2Ya6lmmpR1dr04oDmIr

    Score
    7/10

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral17behavioral18

    • Target

      $PLUGINSDIR/FindProcDLL.dll

    • Size

      3KB

    • MD5

      b4faf654de4284a89eaf7d073e4e1e63

    • SHA1

      8efcfd1ca648e942cbffd27af429784b7fcf514b

    • SHA256

      c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

    • SHA512

      eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

    Score
    3/10
    behavioral19behavioral20

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      5KB

    • MD5

      68b287f4067ba013e34a1339afdb1ea8

    • SHA1

      45ad585b3cc8e5a6af7b68f5d8269c97992130b3

    • SHA256

      18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

    • SHA512

      06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

    • SSDEEP

      48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L

    Score
    3/10
    behavioral21behavioral22

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      cff85c549d536f651d4fb8387f1976f2

    • SHA1

      d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    • SHA256

      8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    • SHA512

      531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

    • SSDEEP

      192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr

    Score
    3/10
    behavioral23behavioral24

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    behavioral25behavioral26

    • Target

      $PLUGINSDIR/nsisFirewallW.dll

    • Size

      8KB

    • MD5

      f5bf81a102de52a4add21b8a367e54e0

    • SHA1

      cf1e76ffe4a3ecd4dad453112afd33624f16751c

    • SHA256

      53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

    • SHA512

      6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

    • SSDEEP

      96:8SMPv+eLDUDp+weLv2lstU+0IgNB2Aa20kdArfOwJKbFrMiRsuHdRYL:wnxLDUwp6sgN2RDrzJMMmsuYL

    Score
    3/10
    behavioral27behavioral28

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks