Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1723ff59b9...82.exe

windows7-x64

10

1723ff59b9...82.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1723ff59b968969d2693e425108bdb1bfa04c88249fc5a30d58404a96dc75a82

  • Size

    645KB

  • Sample

    240925-xm664ssanp

  • MD5

    8782f3cdb57dd3509a4794eba3493e73

  • SHA1

    2715631be47484dcda80b5ea754d506d1a62e95a

  • SHA256

    1723ff59b968969d2693e425108bdb1bfa04c88249fc5a30d58404a96dc75a82

  • SHA512

    1190058137cedd26f3358109dcc4837f26c37139031f61c8e43ae4aaf26903f5ffc5549a470b7c64af19ea97a59cbdcf5c98a5318f99cc2ccd3ccebbecb6ed2a

  • SSDEEP

    768:5BBdFYDgao5/AUrLEEzayTpBJfxBDlxcFNXK8D1Foj/:5pcC/eAayJ3Rx0g

Score
10/10
qqpassdiscoverypersistencetrojan

Malware Config

Extracted

Family

qqpass

C2

http://www.zigui.org/article.php?id=103601

Attributes
  • user_agent

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Targets

    • Target

      1723ff59b968969d2693e425108bdb1bfa04c88249fc5a30d58404a96dc75a82

    • Size

      645KB

    • MD5

      8782f3cdb57dd3509a4794eba3493e73

    • SHA1

      2715631be47484dcda80b5ea754d506d1a62e95a

    • SHA256

      1723ff59b968969d2693e425108bdb1bfa04c88249fc5a30d58404a96dc75a82

    • SHA512

      1190058137cedd26f3358109dcc4837f26c37139031f61c8e43ae4aaf26903f5ffc5549a470b7c64af19ea97a59cbdcf5c98a5318f99cc2ccd3ccebbecb6ed2a

    • SSDEEP

      768:5BBdFYDgao5/AUrLEEzayTpBJfxBDlxcFNXK8D1Foj/:5pcC/eAayJ3Rx0g

    Score
    10/10
    qqpassdiscoverypersistencetrojan

    • QQpass

      QQpass is a trojan written in C++..

      trojanqqpass

    • Qqpass family

      qqpass

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks