96bac43faac2b1fa5e0bc495975b2e642af5da181e313a9c8f541912b83c0edb

Sharing

Copy URL

Twitter E-mail

General

Target

qbittorrent_4.6.4_x64_setup.exe
Size

34.0MB
Sample

240417-cxsfgscg7x
MD5

918224925563095d15dbab7c34b3bf17
SHA1

33902285adf411e5824547e849a4adcfc6531114
SHA256

96bac43faac2b1fa5e0bc495975b2e642af5da181e313a9c8f541912b83c0edb
SHA512

4d6bd949693ea60671ddb8dc19ec87d8e02bf4888aca290318488ca696e495e13bf49161ac8f75cfff9befb72589ab2bedcd1138fa9d81c5bf071191d6344b28
SSDEEP

786432:7KMXiEtPqJO5MB3/UOd64S49KmFRc85C2uWF3Dzn:7DXioy0DOd6o1HtuW5/

Score

7^/10

Malware Config

Targets

- Target
  
  qbittorrent_4.6.4_x64_setup.exe
- Size
  
  34.0MB
- MD5
  
  918224925563095d15dbab7c34b3bf17
- SHA1
  
  33902285adf411e5824547e849a4adcfc6531114
- SHA256
  
  96bac43faac2b1fa5e0bc495975b2e642af5da181e313a9c8f541912b83c0edb
- SHA512
  
  4d6bd949693ea60671ddb8dc19ec87d8e02bf4888aca290318488ca696e495e13bf49161ac8f75cfff9befb72589ab2bedcd1138fa9d81c5bf071191d6344b28
- SSDEEP
  
  786432:7KMXiEtPqJO5MB3/UOd64S49KmFRc85C2uWF3Dzn:7DXioy0DOd6o1HtuW5/
Score

7^/10
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  b4faf654de4284a89eaf7d073e4e1e63
- SHA1
  
  8efcfd1ca648e942cbffd27af429784b7fcf514b
- SHA256
  
  c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3
- SHA512
  
  eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  50016010fb0d8db2bc4cd258ceb43be5
- SHA1
  
  44ba95ee12e69da72478cf358c93533a9c7a01dc
- SHA256
  
  32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
- SHA512
  
  ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
- SSDEEP
  
  48:S46+/pTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8m/ofjLl:zbuPbO5tCZBVEAWyMEFv2CmCL
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  9KB
- MD5
  
  940c56737bf9bb69ce7a31c623d4e87a
- SHA1
  
  f2f3b4e7b9c28df6687ceeaed300a793e3bac445
- SHA256
  
  766a893fe962aefd27c574cb05f25cf895d3fc70a00db5a6fa73d573f571aefc
- SHA512
  
  81c60431619d7eb826b8da997c227c4f7077cc754caa15df6e0e7ae0e33690432bc2a27a7e295998f15e33a17b3d80e492d7cc09fd70dc43daf1cfe86b8746ff
- SSDEEP
  
  192:TYw3C/LSnMoejFXnknIHbGoijTr3dBZ9KPPsnY/T0x9j:TY3LSnlepnknIHKoUrdBZ9uPsY/Ix9j
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsisFirewallW.dll
- Size
  
  8KB
- MD5
  
  f5bf81a102de52a4add21b8a367e54e0
- SHA1
  
  cf1e76ffe4a3ecd4dad453112afd33624f16751c
- SHA256
  
  53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2
- SHA512
  
  6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256
- SSDEEP
  
  96:8SMPv+eLDUDp+weLv2lstU+0IgNB2Aa20kdArfOwJKbFrMiRsuHdRYL:wnxLDUwp6sgN2RDrzJMMmsuYL
Score

3^/10
behavioral17 behavioral18
- Target
  
  qbittorrent.exe
- Size
  
  30.8MB
- MD5
  
  b9dfd00c5fbb9cfaa2c4e1b3f9e218bf
- SHA1
  
  4dad2d51c73dffdd2cfc4d17146ac0253d74e3bf
- SHA256
  
  1fac780feaa2e263dbd0ee2103d1815d97b4d6a676f5b83e9320120dc15ee6bb
- SHA512
  
  baec0664acfb41b96939f6462df5b9390f6cec16e71960f77ead222ad2bdf7f5f8bc4cb1937413472d4abe1ff6053eb8e89a9a6291c7b979138272dac780ab6c
- SSDEEP
  
  393216:Q943f9XQuqc+GJi2piZ09Br9UhfrZfndOj/HS4UfrBq9BKFdu9CwJsv6t/kubD:QuZfyrZgqrAZbD
Score

1^/10
behavioral19 behavioral20
- Target
  
  qbittorrent.pdb
- Size
  
  139.7MB
- MD5
  
  9ea92840d804f74aab17c79b820af2b7
- SHA1
  
  42a2f607757b6cb129935dad261f0a86ddc2fceb
- SHA256
  
  f8861d92c7609d41ee0f1b14eed1e31dedc1c735c36a47391e21c5e79be8b1e5
- SHA512
  
  0a163163899aff81a7175bef5db9323a5b44b8ee00deb203d8741fa42d0ef12a9e92eb3bcde54605cb0c31a702d136d5239aea532f2aa7eff98edb238da022b9
- SSDEEP
  
  393216:qYZBCzIX4Y0jTSMLGzgKb6BkaZIaCbLeTaUh94fSNzXUt4X:pfX4YDgpBkX3+
Score

3^/10
behavioral21 behavioral22
- Target
  
  qt.conf
- Size
  
  84B
- MD5
  
  af7f56a63958401da8bea1f5e419b2af
- SHA1
  
  f66ee8779ca6d570dea22fe34ef8600e5d3c5f38
- SHA256
  
  fdb8fa58a6ffc14771ca2b1ef6438061a6cba638594d76d9021b91e755d030d3
- SHA512
  
  02f70ca7f1291b25402989be74408eb82343ab500e15e4ac22fbc7162eb9230cd7061eaa7e34acf69962b57ed0827f51ceaf0fa63da3154b53469c7b7511d23d
Score

3^/10
behavioral23 behavioral24
- Target
  
  translations/qt_gl.qm
- Size
  
  316KB
- MD5
  
  0661ffabfbc50187f3ba38876b721946
- SHA1
  
  eb5e7205355cfc6bcb4df27e224079842c97b296
- SHA256
  
  204a01ac7deb6b5bae193afecbd1e50d18c73bf7d94badeb2bbfdf6123c4ed93
- SHA512
  
  65ab66cc54d65e7678fa731a5c5f2cc9d6fc217b91ad47d538440811e09a23e49cd95ce62a79e3e8c275e250ac1a0b54bd289f6dd067573876da7aff54381d02
- SSDEEP
  
  3072:OYSG8zxWSDjq73Pf6FT1f4uh50QGrRfFD54YyUY0Ou4/tnra3Z0uYhB5YHfHRRn2:O39WSD3TMQGrxFD5EUVQ
Score

3^/10
behavioral25 behavioral26
- Target
  
  translations/qt_lt.qm
- Size
  
  161KB
- MD5
  
  8992b652d1499f5d2f12674f3f875a35
- SHA1
  
  e22766a49612f79156c550d83c6c230345dda433
- SHA256
  
  47eb5f97467df769261421d54a5bea1131c9fb9b6388791d38bb6574335b64bf
- SHA512
  
  9b8b6dbff432f2a46c14bc183a6baf84acbf02bf2c5bb8c306c6538fbd9be1c0a9015bd46728f2f652f9163afc56b1e16d16eb95d8f7728f3c562ae9f4f1ae1e
- SSDEEP
  
  1536:i5v3+zmayloj6yJjhnBAbnrKnGrhA7WgdXclIsooY9i:SvOzAloj6yJ9BA7riGr+7WKXc+s5ui
Score

3^/10
behavioral27 behavioral28
- Target
  
  translations/qt_pt_PT.qm
- Size
  
  68KB
- MD5
  
  6656500f7a28ef820ae9f97fd47fb5bb
- SHA1
  
  cc112b9c9513bcf7497f3417168b4c8a9f7640a9
- SHA256
  
  2c1e7bbf5168a64b43752dd4c547601c0bde6d610f8671fa3e3af38597e84783
- SHA512
  
  5c3cbfcf86af6b4d949c1d914cd379e512e73ba350af661033a386ee7fb981fbfcb43d9a35fde7656e17bb09f64f1469f84867a780573c3359d645269461d5a6
- SSDEEP
  
  768:OKGUuWW+WHjS0gMBd483+Y7bDPs4RHBloLUIltlzAJnx4nnliM1OPlOibLG:JGUuWPuSgm0Jn+n4Mhj
Score

3^/10
behavioral29 behavioral30
- Target
  
  translations/qt_sl.qm
- Size
  
  223KB
- MD5
  
  d35a0fe35476be8bd149cee46e42b5e9
- SHA1
  
  9f3c85c115a283e5230d1eead84c8cb73a71fa03
- SHA256
  
  c44e0313a9414cc0e490b65b0c036fa11bca959353b228886547bc2c8492034f
- SHA512
  
  beeb1751882af081e80be93f7464d4c6322b724efa2cbd3e1cbe709181d380c1c57e770fa962bb706d6fcf4a8cb393e3f6e187c1f604f8ceefb201ca3200bd1c
- SSDEEP
  
  3072:9zQH0hOtgmiAZu0eeAEv+v49JnnSmICgr3n7jhCQUeinqyU5UggtRLGrQ2LZO+Y1:RpUsSpGr36wsR
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Loads dropped DLL

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32