General
-
Target
QI.EXE
-
Size
5.7MB
-
Sample
240507-ldfr1sda36
-
MD5
71058566c0821ca320639f18c62905f0
-
SHA1
235e751fb521829628f4df4d43b88e0ed6396a5d
-
SHA256
fbb98a26d5543ecd8be85870352b7641d151121a4dffa5a5dd53e3fd455886c5
-
SHA512
f7f7aad683bca495f438ff1fb9a91b02300d624dd3fb8f5491ee4ca7b52ea1b6641ccd12821e07399a1156ac3f6e6a13e62be286e7c66aa89ab226f91e196c1b
-
SSDEEP
98304:Mtx1TaW8Q9CzAY+mVmDmOaEaJchTNhpLGJMz6coX2XwFUSWPSdmAijGrCvVYusl0:MI/Q9C8YT6aJchTNjGiz7XwFWam7irCH
Malware Config
Targets
-
-
Target
QI.EXE
-
Size
5.7MB
-
MD5
71058566c0821ca320639f18c62905f0
-
SHA1
235e751fb521829628f4df4d43b88e0ed6396a5d
-
SHA256
fbb98a26d5543ecd8be85870352b7641d151121a4dffa5a5dd53e3fd455886c5
-
SHA512
f7f7aad683bca495f438ff1fb9a91b02300d624dd3fb8f5491ee4ca7b52ea1b6641ccd12821e07399a1156ac3f6e6a13e62be286e7c66aa89ab226f91e196c1b
-
SSDEEP
98304:Mtx1TaW8Q9CzAY+mVmDmOaEaJchTNhpLGJMz6coX2XwFUSWPSdmAijGrCvVYusl0:MI/Q9C8YT6aJchTNjGiz7XwFWam7irCH
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1