5a4be9e92cf84b6fdedef3623c4fc76a9a239e98f88c0c4368bbb72caafdda03

Sharing

Copy URL

Twitter E-mail

General

Target

Qcma_setup-0.4.1.exe
Size

60.5MB
Sample

240222-nyaslsha85
MD5

7f924f1a8dc878abf31b1638fdad40b7
SHA1

4d69403b0d3d9a53d87a879bb247533bf408bf67
SHA256

5a4be9e92cf84b6fdedef3623c4fc76a9a239e98f88c0c4368bbb72caafdda03
SHA512

a5d66c2d340455cbe329726ab69153a816925608ec7ba5f67b816e8d0530f3df2cbe067edb3672d24630a2a94dda9d68e2a94421c39acf5079cd511c9cb8cb4f
SSDEEP

1572864:7VJTNxo+L/7xl6DgRPMg31jBP7qwv0hfe6i7IbnKs8I0:/TNFNYMj1jhqwife6kIml

Score

8^/10

discovery

Malware Config

Targets

- Target
  
  Qcma_setup-0.4.1.exe
- Size
  
  60.5MB
- MD5
  
  7f924f1a8dc878abf31b1638fdad40b7
- SHA1
  
  4d69403b0d3d9a53d87a879bb247533bf408bf67
- SHA256
  
  5a4be9e92cf84b6fdedef3623c4fc76a9a239e98f88c0c4368bbb72caafdda03
- SHA512
  
  a5d66c2d340455cbe329726ab69153a816925608ec7ba5f67b816e8d0530f3df2cbe067edb3672d24630a2a94dda9d68e2a94421c39acf5079cd511c9cb8cb4f
- SSDEEP
  
  1572864:7VJTNxo+L/7xl6DgRPMg31jBP7qwv0hfe6i7IbnKs8I0:/TNFNYMj1jhqwife6kIml
Score

8^/10

discovery
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  2e35876a2b9842d48eed3817809a78eb
- SHA1
  
  3e1a36b9758d9e0dabeba65895f4a091f801583e
- SHA256
  
  c36d864cd5464add57008985fa901ef4ba32d9831465732b1aa06078a42608d2
- SHA512
  
  1776cb43ea9773bf564876e7ba23b05b37b88457f7085622f5d57ebda9886352da5eefba4ab7d44ae16a8a0a0007e1b9fe8b4d22ef0c402e127467070dae0eb9
- SSDEEP
  
  192:g4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjHK72dwF7dBOne:Zn3T5KdHCMRD/R1cOnrjH+BO
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StartMenu.dll
- Size
  
  7KB
- MD5
  
  abba50aeb1da3cd1ad1e79a89701b02e
- SHA1
  
  bff5bcc8cb0667934b6c743b3f64f6a594f06826
- SHA256
  
  7a4268edf9d327766f22d4126f8dd070db611836f5336af1a864a1f8cfa7939b
- SHA512
  
  b730cd5fdca693331e8789318aa5536950bfbd691ec4047eca8dce9f8a4b0f960210261a44fb502839c20f02a20c1027aca23c7e32b84f79c2cca3ba5a3ab13c
- SSDEEP
  
  96:UgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1t33hhEl7y:UgiqVPgK8K9eIdE9B/tnhg7
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  375e8a08471dc6f85f3828488b1147b3
- SHA1
  
  1941484ac710fc301a7d31d6f1345e32a21546af
- SHA256
  
  4c86b238e64ecfaabe322a70fd78db229a663ccc209920f3385596a6e3205f78
- SHA512
  
  5ba29db13723ddf27b265a4548606274b850d076ae1f050c64044f8ccd020585ad766c85c3e20003a22f356875f76fb3679c89547b0962580d8e5a42b082b9a8
- SSDEEP
  
  192:MPtkumJX7zB22kGwfy0mtVgkCPOs91un:9702k5qpds9Qn
Score

3^/10
behavioral7 behavioral8
- Target
  
  Qt5Core.dll
- Size
  
  4.1MB
- MD5
  
  17acd61293353f77fc6ffd1b8fd76e79
- SHA1
  
  6a83ce51e78d2ba8b50d05a4d50e6f4a35638346
- SHA256
  
  44a33de3ab15d103ad0e5155c81e9b9369c340d14643d70413a6a477d0804a48
- SHA512
  
  9b1966c52a9222e98e0aef9edf0fb6836863116f38e5aed9ad9c5493431283424e2107c3a23b479d5d982af9d59b2dfe215024691439cbbb67217d13006b5e2c
- SSDEEP
  
  49152:3wKv8HVmxzDy5PvbBkSZBDM/fDQUFYuSjKXwqMG4HJJsv6tWKFdu9CbnWCLZgZ3U:hubC9hyJJsv6tWKFdu9Ceo
Score

1^/10
behavioral10 behavioral9
- Target
  
  Qt5Gui.dll
- Size
  
  4.3MB
- MD5
  
  dc0d89f794f803db1df2329fed375e15
- SHA1
  
  293520356fcb75931d57dd35490fb4be45011c1e
- SHA256
  
  e7eea51c6ba1cb7fd07dd0b5e9df79d182ed58ad8f463c9278dfe2cd84de7655
- SHA512
  
  7b9b7b30cccd925b452d9cb46937cd7fd3c185ac4dcb57b204ea150a2d9717a30c286d26ccc32000097c226be7dae62fd84e5c4d758fa47554fd5331b5c12872
- SSDEEP
  
  49152:r/226ZqRloIGQ/LvH/CJzQuScg75pqOWWl/Nx2GKqqDkNOXbzesiM0NbFp/ur2nz:gVQ/jGzQpIOWsH2QDM09FUTkwXP
Score

1^/10
behavioral11 behavioral12
- Target
  
  Qt5Network.dll
- Size
  
  1.4MB
- MD5
  
  6e7757efc23e3d14d269e3d5e95d7c0a
- SHA1
  
  356b80579196a118440f7fc2513f35d1b0ee491c
- SHA256
  
  e69b1c073908c9a98d6bea73062071d91189ce4758674ec4c3001a45375d04a3
- SHA512
  
  1739ad53dafeb22a6a7b88f898c4d139debe8025dc4a33a2ce27449dad337a7f73e690ac2285648b31991188c99e739aa621f317a9e80e5606f62c6735719096
- SSDEEP
  
  24576:oAivXyDWLhjXPXdQgyLUO8OZ/WvJWVuXqpZ2JatqoLKd:9ivXyDWR/5yLUO8wsJW8apZ2JatqH
Score

1^/10
behavioral13 behavioral14
- Target
  
  Qt5Sql.dll
- Size
  
  251KB
- MD5
  
  2fd936360fd1d34332bcb97bbfe25838
- SHA1
  
  63f6ba350a5dd0256d36f55c8d7c83f882e7526c
- SHA256
  
  539710d81f8658477971bdf3075f3b400b571c39d38f2cef06b939d7625d045a
- SHA512
  
  dc0ffe3c68ecfeb137b4bd60b5ee25c8ef6edb1cd0369ae5f680a179c7a5ed164bc045dcb4757d84546ffc650a7831cb6f28aca0331296d914fe126198fd2a5f
- SSDEEP
  
  3072:xqKZIHQlOtFJBC1e9RI0OM1O1+TchiFW1sooSYQ1zV4XdJPGJ:cKZKeOtFJee9RI0Zp41soHYczSXdJG
Score

1^/10
behavioral15 behavioral16
- Target
  
  Qt5Widgets.dll
- Size
  
  5.5MB
- MD5
  
  2260fbc42621d4d09a7eefdf304d7561
- SHA1
  
  5c21d0a5367a27fbf23f425bc34a5d09306f377a
- SHA256
  
  f69b6e4bb40d91e5d02a326f12ebafa98ba3b4f9d282cc9094df301fa84b75b4
- SHA512
  
  a869d0b444473a8d97c81333f85d0f2d0dc6825bd9664edae27793de411848e6fe3e43b69cd159b3a3079f339315bb7d069bbe880cffe3ed796181fe2f5e45b0
- SSDEEP
  
  49152:UHuT9AZk8H1whR8y0lh7N4tXOL4iRSdtLdhaK3VD4mOzQG/9MJHasu2NV3PExrLX:uaGk8H2Pv8riHKYjKOI0+/
Score

1^/10
behavioral17 behavioral18
- Target
  
  avcodec-57.dll
- Size
  
  27.3MB
- MD5
  
  28c3d3035ff3b9216a77016cf23205dc
- SHA1
  
  19683f75253daba16c626f43ee43372b8d7bcdf3
- SHA256
  
  bd5f83ab365e1c9b26742fb2d523bb174acf547f9a1ae73f8a6cc5cf2fc97b9f
- SHA512
  
  87b4b8e642785942db51593a9a162f641e672542da999796e1763f3f41aae5f8195577b5e20c993c6425449512edad71222dd42e9a31b6130d93c70b3e2aaf70
- SSDEEP
  
  196608:eooaALQtm3+f1mZEEtBY1Ep1O9+WX6zNPgEvQ1BC8aJpPuCnVLYL:xDMX/BA9+y6zQBC8aJpzJ
Score

1^/10
behavioral19 behavioral20
- Target
  
  avformat-57.dll
- Size
  
  5.1MB
- MD5
  
  036bf355837a9ccba8c2cba97161813f
- SHA1
  
  0af4ffe90897aa9f1fed1755275a2fc6c9459ca4
- SHA256
  
  0724e9a7e087476c5cd16586fc71f8051b53a3b4e4336869aacbe9060df30864
- SHA512
  
  4e4e2d3ba31048d52d4191167274ec0c868ef486aebb0ce85e1b016e5701d0c13e7e179d0e02f760bbf98f8d73da2497167bb070449d07f832ebdca8aaadc5ee
- SSDEEP
  
  98304:qmzPl6Lt1LJONf9ysXmhbzhzOThS23nfEI42A079iFaHH92m93cVMp6LZpdWDdk0:NgSvsMXM
Score

1^/10
behavioral21 behavioral22
- Target
  
  avutil-55.dll
- Size
  
  531KB
- MD5
  
  629e49fb643ba264a2211c716a985463
- SHA1
  
  31f5e82b04042514026dd3fdee5658733530c34e
- SHA256
  
  25c3d4dcfeed081dc8622f6822864b48ee52d8cec606da654dfc14ad569fb289
- SHA512
  
  9b486b3e39f86654e8688a13e114613ca5d2c1c0c1d04f2d765c082a444140f6afbe5beeb1f91c28a5b721eb2a4900580e893e16fd74c04c2d589a831bdf3a6a
- SSDEEP
  
  12288:qZOuBU1008QCldwgnXulR9wtc8sR/mUiKCC:7uBK0vdwg+CtczIC
Score

1^/10
behavioral23 behavioral24
- Target
  
  imageformats/qgif.dll
- Size
  
  35KB
- MD5
  
  71c4a09f22c0e45da1543d22c17db0e6
- SHA1
  
  e43537b44948831fb5e504859ddc162491e9e0a9
- SHA256
  
  a26a208a54a332ad2e531429c3d3335d75a1a7550ac9c2f94dfb4a6e72c6ba8d
- SHA512
  
  82b231d2c9b38506d5f00eaa05d1d11b2f5bf117cbd88196c2b42c531cfd3e9bf6ef705588b433465b05a258af156bc63f9a87e6b5d34a1415f9faf4ce25e078
- SSDEEP
  
  768:oXVgDR44RV2m0W6deIGLVgJq8NEf6I4444444444444N4ZDGEld:yVgDR4zLy9SlNElGE/
Score

1^/10
behavioral25 behavioral26
- Target
  
  imageformats/qjpeg.dll
- Size
  
  56KB
- MD5
  
  749c5deaf09dcb1c2db49e511aa6ae73
- SHA1
  
  6aca0cea521e5c423504d6271a0d80891d60c9e8
- SHA256
  
  19f7ab54cdb56295df4d6eb4c3cae6e486e8b17ef7f8281778ae0ec125cfecb3
- SHA512
  
  40551945a5e9404d84a7c1aab9c3f1873a6d05c8674cf7052a440f2132c6bdbd7fe5f96b757f387f4981cd15681aff81d1d0feb32d572a3f8d6ece154fcf59b9
- SSDEEP
  
  768:/L23PTKFSXbthLtJa2zDHtbqqMUVn6OUtM4TlK6LZI4444444444444N4tdrswmG:SrZttb5RPGXarsh/gG0NT
Score

1^/10
behavioral27 behavioral28
- Target
  
  imageformats/qtiff.dll
- Size
  
  37KB
- MD5
  
  2f3b9f499eb60be3df4d5fd54094421d
- SHA1
  
  74e896d31ac9e02c66286f885032e04a87155820
- SHA256
  
  8241fe0c0cebb02a8c77e24eadff275b3e52169fd30272a8d7243e5b74707d65
- SHA512
  
  29b5c05be8e8a9939622a39815b895ed9ed13339ad6862cc898a7b479e0a3cba2ffe691348ffab088d582be9f9494ca631f66ed5dce767a352148b4ac5b3d053
- SSDEEP
  
  768:/coJlaa70yLm84VwUz30OnaD9diBJxRzs14444444444444N4zURMk3AGLn4EWd+:/dma708vOnm9ARv2GLn4B+
Score

1^/10
behavioral29 behavioral30
- Target
  
  libbz2-1.dll
- Size
  
  72KB
- MD5
  
  48d3f1f67f43425584f04e1a082b3b7d
- SHA1
  
  246b8a0b9f8823ff9b801e083c060a090df8c784
- SHA256
  
  cb5df7c5577839996278a88b92b1e944feebb846e9eaa8c0742183d668c161de
- SHA512
  
  4b1775f4d6fa10dc33b728fde3a3053e360617ddc67b0629a85a6e49b8704608a95da1faa3def7961f5f17a4e75a079cd836ff2c1afbf8f554c5fadc75633425
- SSDEEP
  
  768:cxFBplHJfeJuf0hk9b8B6rei9+ko5mLV2LOGN23Ag3Qb/A023x:YjlNe8f0G9ogrei1M18DwMx
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Manipulates Digital Signatures

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32