5513812584a5ba7810b812db7ceec2d0e9cb214cef95a2580e29927cf4fe9921 | Triage

Sharing

General

Target

qbittorrent_5.0.1_x64_setup.exe
Size

37.4MB
Sample

241031-2qx5tssncx
MD5

fd6ea4e1d7b3adb820908ec26b729ea7
SHA1

485b31d0f8394efdaa860c0d4a54227033f40579
SHA256

5513812584a5ba7810b812db7ceec2d0e9cb214cef95a2580e29927cf4fe9921
SHA512

e587c67bd4da787226187918206acfdb9ef4192e884b41e0680cf96458799eeeabde97376dbdfdd89c7de12839a062bd8f8da50b9e6a49c33018461783535c66
SSDEEP

786432:7fFBmZOcw9i54tPYrFrQAEODhrbt+Fn1/Zo2NCILF5Iud3gIwmbN:79BH1e+sFspIteZtQILFDdQIwm5

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  qbittorrent_5.0.1_x64_setup.exe
- Size
  
  37.4MB
- MD5
  
  fd6ea4e1d7b3adb820908ec26b729ea7
- SHA1
  
  485b31d0f8394efdaa860c0d4a54227033f40579
- SHA256
  
  5513812584a5ba7810b812db7ceec2d0e9cb214cef95a2580e29927cf4fe9921
- SHA512
  
  e587c67bd4da787226187918206acfdb9ef4192e884b41e0680cf96458799eeeabde97376dbdfdd89c7de12839a062bd8f8da50b9e6a49c33018461783535c66
- SSDEEP
  
  786432:7fFBmZOcw9i54tPYrFrQAEODhrbt+Fn1/Zo2NCILF5Iud3gIwmbN:79BH1e+sFspIteZtQILFDdQIwm5
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  b4faf654de4284a89eaf7d073e4e1e63
- SHA1
  
  8efcfd1ca648e942cbffd27af429784b7fcf514b
- SHA256
  
  c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3
- SHA512
  
  eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  50016010fb0d8db2bc4cd258ceb43be5
- SHA1
  
  44ba95ee12e69da72478cf358c93533a9c7a01dc
- SHA256
  
  32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
- SHA512
  
  ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
- SSDEEP
  
  48:S46+/pTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8m/ofjLl:zbuPbO5tCZBVEAWyMEFv2CmCL
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  9KB
- MD5
  
  940c56737bf9bb69ce7a31c623d4e87a
- SHA1
  
  f2f3b4e7b9c28df6687ceeaed300a793e3bac445
- SHA256
  
  766a893fe962aefd27c574cb05f25cf895d3fc70a00db5a6fa73d573f571aefc
- SHA512
  
  81c60431619d7eb826b8da997c227c4f7077cc754caa15df6e0e7ae0e33690432bc2a27a7e295998f15e33a17b3d80e492d7cc09fd70dc43daf1cfe86b8746ff
- SSDEEP
  
  192:TYw3C/LSnMoejFXnknIHbGoijTr3dBZ9KPPsnY/T0x9j:TY3LSnlepnknIHKoUrdBZ9uPsY/Ix9j
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  25KB
- MD5
  
  cbe40fd2b1ec96daedc65da172d90022
- SHA1
  
  366c216220aa4329dff6c485fd0e9b0f4f0a7944
- SHA256
  
  3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
- SHA512
  
  62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
- SSDEEP
  
  24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  $PLUGINSDIR/nsisFirewallW.dll
- Size
  
  8KB
- MD5
  
  f5bf81a102de52a4add21b8a367e54e0
- SHA1
  
  cf1e76ffe4a3ecd4dad453112afd33624f16751c
- SHA256
  
  53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2
- SHA512
  
  6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256
- SSDEEP
  
  96:8SMPv+eLDUDp+weLv2lstU+0IgNB2Aa20kdArfOwJKbFrMiRsuHdRYL:wnxLDUwp6sgN2RDrzJMMmsuYL
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  qbittorrent.exe
- Size
  
  34.9MB
- MD5
  
  bebf18e9f646943cfe8067ab60b3ad9e
- SHA1
  
  d9dd3bb1190e70bcb338ffd713fd0c906b29d2c1
- SHA256
  
  c8169df564f2b6bc12b0e0c1d8f628f5e7daafac5b94c5d92211ed631b68a551
- SHA512
  
  531e0d546b02b1946010ca4b4ba8a26f34648efc315f75ba48d7ac534a7656c6c05d2c1a23e5a0ca80ffdc78ec133f4ba6601bb3ab6ce8392a88a8ec93093acb
- SSDEEP
  
  393216:klvHNg/cBByBwR93k0p9O/m/j/ALv7cS+s6gwGex4pvUyrOnRKFdu9CwJsv6tQU6:e7tUS/ALv7cxPx4p8yrMQU6
Score

1^/10
behavioral19 behavioral20
- Target
  
  qbittorrent.pdb
- Size
  
  162.8MB
- MD5
  
  1a7cb8a5dc6a23b2fd0d5b4e0bf1638f
- SHA1
  
  97124f273d2202572d7ac9c35ff33810d291c63f
- SHA256
  
  746a57aec4c0f7f7e4da21d3f6b18c989ea36582acdb00b0e0c3d16331959d5a
- SHA512
  
  bb974fab9fe3068fcf1d2a8a33887f14b942f33ec6ace10e90aaff47a67f80a02be9edcd279876bee89dde9fbcb1edb6f1383330cdec4eaf465e1f45d01bba68
- SSDEEP
  
  393216:4NX806H0hHQexrBAqC91DU31qqyh8emQ5lz8jspZx0xMCbNI+CLX5551z+Ec+Tu:Uc0hHHdBFU9MUqy8M0e1ZB
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  qt.conf
- Size
  
  84B
- MD5
  
  af7f56a63958401da8bea1f5e419b2af
- SHA1
  
  f66ee8779ca6d570dea22fe34ef8600e5d3c5f38
- SHA256
  
  fdb8fa58a6ffc14771ca2b1ef6438061a6cba638594d76d9021b91e755d030d3
- SHA512
  
  02f70ca7f1291b25402989be74408eb82343ab500e15e4ac22fbc7162eb9230cd7061eaa7e34acf69962b57ed0827f51ceaf0fa63da3154b53469c7b7511d23d
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  uninst.exe
- Size
  
  138KB
- MD5
  
  7ef2fd299b7bffdd88a53223cb6ac426
- SHA1
  
  ea63fc81cc8a9ea3031f5eca4e9ec4c8be25f46e
- SHA256
  
  ba1ec2684ceee82f817b250417985a9ef33dd679f5e97a18e0f8f3fda8a055b1
- SHA512
  
  47da0192a634ae7ea7553ad2e158c505b7cdb0c13ec956424f8777522609544bf059ac7b6919c877a2c67e7576e8237071d0962cfa59b321eb0ff7d53245e6f6
- SSDEEP
  
  3072:dnPdzuK8Jdw4TMJw3uXceAgF88Q0ejM6ocOSlH/Hs9:dnPdudwDzmgO8iPOSJM9
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral25 behavioral26
- Target
  
  $PLUGINSDIR/FindProcDLL.dll
- Size
  
  3KB
- MD5
  
  b4faf654de4284a89eaf7d073e4e1e63
- SHA1
  
  8efcfd1ca648e942cbffd27af429784b7fcf514b
- SHA256
  
  c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3
- SHA512
  
  eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  50016010fb0d8db2bc4cd258ceb43be5
- SHA1
  
  44ba95ee12e69da72478cf358c93533a9c7a01dc
- SHA256
  
  32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
- SHA512
  
  ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
- SSDEEP
  
  48:S46+/pTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8m/ofjLl:zbuPbO5tCZBVEAWyMEFv2CmCL
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32