Overview

overview

10

Static

static

3

5ecd777649...01.exe

windows7-x64

10

5ecd777649...01.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5ecd777649462212355188b5ce8f26bb22673f7d280dfed8abcf055f4b819801

  • Size

    74KB

  • Sample

    240914-g31fhazfnj

  • MD5

    44f4535b67a92ec9d2c8952d2cc3bbbb

  • SHA1

    5a7328f5b737b9d855e5c33c9491e6ab5d9691be

  • SHA256

    5ecd777649462212355188b5ce8f26bb22673f7d280dfed8abcf055f4b819801

  • SHA512

    7cba4fb8b63e0156bb02574dd78a8b7b1d8e16a806fb228e6258b648fbf9dcc8ecadb945f55dbfe5a0f5006a0cc88ed03004e1067818161304374b5ced8aa012

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOjFe:GhfxHNIreQm+Hi3

Score
10/10
qqpassdiscoverypersistencetrojan

Malware Config

Extracted

Family

qqpass

C2

http://www.zigui.org/article.php?id=103822

Attributes
  • url

    http://www.mxm9191.com/myrunner_up.exe

  • user_agent

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Targets

    • Target

      5ecd777649462212355188b5ce8f26bb22673f7d280dfed8abcf055f4b819801

    • Size

      74KB

    • MD5

      44f4535b67a92ec9d2c8952d2cc3bbbb

    • SHA1

      5a7328f5b737b9d855e5c33c9491e6ab5d9691be

    • SHA256

      5ecd777649462212355188b5ce8f26bb22673f7d280dfed8abcf055f4b819801

    • SHA512

      7cba4fb8b63e0156bb02574dd78a8b7b1d8e16a806fb228e6258b648fbf9dcc8ecadb945f55dbfe5a0f5006a0cc88ed03004e1067818161304374b5ced8aa012

    • SSDEEP

      1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOjFe:GhfxHNIreQm+Hi3

    Score
    10/10
    qqpassdiscoverypersistencetrojan

    • QQpass

      QQpass is a trojan written in C++..

      trojanqqpass

    • Qqpass family

      qqpass

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks