Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Resubmissions

19/09/2024, 19:17 UTC

240919-xzbwqswana 9

19/09/2024, 14:45 UTC

240919-r421tsvbjr 7

19/09/2024, 14:37 UTC

240919-rzaqsatcnc 7

General

  • Target

    qitasc.exe

  • Size

    5.1MB

  • Sample

    240919-xzbwqswana

  • MD5

    43ebe9df7e67597a160f5effa8868bf3

  • SHA1

    3cd79d15f53e36e4864122d7af81d12581fbf71c

  • SHA256

    1859dfca6e5251f22c90aa4245a953c6afb26b0d2e6dec2b4747ceef4f7df18d

  • SHA512

    c3d73c071ea7da40aad5e693e7690018f488c6d9b74577e111a016deca9fef4725436ee940f82b7940505db21a59f64dedad903a52d0dd39f8446b7f7f99758a

  • SSDEEP

    49152:XOuEZOZHIXrb/TCvO90dL3BmAFd4A64nsfJIUGBXbLxPCZMKd33UicObbWdE5qeH:XOu1oiUoB4X37Z5q0RjyJRJ3pQ+E

Score
9/10

Malware Config

Targets

    • Target

      qitasc.exe

    • Size

      5.1MB

    • MD5

      43ebe9df7e67597a160f5effa8868bf3

    • SHA1

      3cd79d15f53e36e4864122d7af81d12581fbf71c

    • SHA256

      1859dfca6e5251f22c90aa4245a953c6afb26b0d2e6dec2b4747ceef4f7df18d

    • SHA512

      c3d73c071ea7da40aad5e693e7690018f488c6d9b74577e111a016deca9fef4725436ee940f82b7940505db21a59f64dedad903a52d0dd39f8446b7f7f99758a

    • SSDEEP

      49152:XOuEZOZHIXrb/TCvO90dL3BmAFd4A64nsfJIUGBXbLxPCZMKd33UicObbWdE5qeH:XOu1oiUoB4X37Z5q0RjyJRJ3pQ+E

    Score
    9/10
    • Renames multiple (73) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.