Overview

overview

10

Static

static

3

018c028976...e0.exe

windows7-x64

10

018c028976...e0.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    018c0289767c4c4e1cb47ebb94f6f82ac1187d7bc97eb758f57f4ce59d0775e0

  • Size

    77KB

  • Sample

    240719-1pdt5averd

  • MD5

    1989b080171d45460edf200b206bc916

  • SHA1

    a0ecdeff53bdd105598add70435f4eca87969fa2

  • SHA256

    018c0289767c4c4e1cb47ebb94f6f82ac1187d7bc97eb758f57f4ce59d0775e0

  • SHA512

    8d9358b5f08abadf5d6fdd94a7555f49e43a82c5ada0bcfba27d9e52ab672df657421e1ef5e5361fba48f1875876901485780cf5b2df0ba208f58b4f65cfcd71

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOqp:RshfSWHHNvoLqNwDDGw02eQmh0HjWOqp

Score
10/10
qqpassdiscoverypersistencetrojan

Malware Config

Extracted

Family

qqpass

C2

http://www.zigui.org/article.php?id=103822

Attributes
  • url

    http://www.mxm9191.com/myrunner_up.exe

  • user_agent

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Targets

    • Target

      018c0289767c4c4e1cb47ebb94f6f82ac1187d7bc97eb758f57f4ce59d0775e0

    • Size

      77KB

    • MD5

      1989b080171d45460edf200b206bc916

    • SHA1

      a0ecdeff53bdd105598add70435f4eca87969fa2

    • SHA256

      018c0289767c4c4e1cb47ebb94f6f82ac1187d7bc97eb758f57f4ce59d0775e0

    • SHA512

      8d9358b5f08abadf5d6fdd94a7555f49e43a82c5ada0bcfba27d9e52ab672df657421e1ef5e5361fba48f1875876901485780cf5b2df0ba208f58b4f65cfcd71

    • SSDEEP

      768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOqp:RshfSWHHNvoLqNwDDGw02eQmh0HjWOqp

    Score
    10/10
    qqpassdiscoverypersistencetrojan

    • QQpass

      QQpass is a trojan written in C++..

      trojanqqpass

    • Qqpass family

      qqpass

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks