Overview

overview

10

Static

static

3

bc0ceb1eee...29.exe

windows7-x64

10

bc0ceb1eee...29.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc0ceb1eee5fa5c428c5698b4fa2697d1fffa1f1f4c87111445abbffb3480c29

  • Size

    74KB

  • Sample

    240901-h6gy1avcrk

  • MD5

    ba5cce8890b56e70038224f949801fb7

  • SHA1

    836352f8ce5b3ab527a5f41a630125dcba850aa6

  • SHA256

    bc0ceb1eee5fa5c428c5698b4fa2697d1fffa1f1f4c87111445abbffb3480c29

  • SHA512

    1decf3d4fdfa4dc3dddb2b2880df0e9f62b8b6f94ea870655f84cb838c8a6602c1e80085f0162130f3806307eca3e72fe0c5fd0306df2a0de6d47b6792f5edf5

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOaN:RshfSWHHNvoLqNwDDGw02eQmh0HjWOaN

Score
10/10
qqpassdiscoverypersistencetrojan

Malware Config

Extracted

Family

qqpass

C2

http://www.zigui.org/article.php?id=103822

Attributes
  • url

    http://www.mxm9191.com/myrunner_up.exe

  • user_agent

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Targets

    • Target

      bc0ceb1eee5fa5c428c5698b4fa2697d1fffa1f1f4c87111445abbffb3480c29

    • Size

      74KB

    • MD5

      ba5cce8890b56e70038224f949801fb7

    • SHA1

      836352f8ce5b3ab527a5f41a630125dcba850aa6

    • SHA256

      bc0ceb1eee5fa5c428c5698b4fa2697d1fffa1f1f4c87111445abbffb3480c29

    • SHA512

      1decf3d4fdfa4dc3dddb2b2880df0e9f62b8b6f94ea870655f84cb838c8a6602c1e80085f0162130f3806307eca3e72fe0c5fd0306df2a0de6d47b6792f5edf5

    • SSDEEP

      768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOaN:RshfSWHHNvoLqNwDDGw02eQmh0HjWOaN

    Score
    10/10
    qqpassdiscoverypersistencetrojan

    • QQpass

      QQpass is a trojan written in C++..

      trojanqqpass

    • Qqpass family

      qqpass

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks