General
Target: f30fb748ce4aaf203383bcfee0ff56b7de189f12b2f7c215304870acd6448115.exe
Size: 250KB
Sample: 241114-dt7lnsxmfp
MD5: 6456d2c7c6f5ce2c6a3abdf5ec10c8a9
SHA1: 4882ee914063914cde8e193a5430789014649aec
SHA256: f30fb748ce4aaf203383bcfee0ff56b7de189f12b2f7c215304870acd6448115
SHA512: 5076c23c6611ea3764a4697cf240b9e3070b87972152b7659cb6a31aa06a7df365408135d0b1b991b026ee93639b59d7bc449cb39a42d6b59a9797b4a45820e2
SSDEEP: 6144:puaksu3JjylWeuYM+3UcUgtPRLr/45QKzmyR:pFIylWeJM+vlRHczmy
Static task: static1
Behavioral task: behavioral1
  Sample: f30fb748ce4aaf203383bcfee0ff56b7de189f12b2f7c215304870acd6448115.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f30fb748ce4aaf203383bcfee0ff56b7de189f12b2f7c215304870acd6448115.exe
  Resource: win10v2004-20241007-en
Malware Config
Extracted: C:\PLEASE READ.TXT
  https://github.com/qTox/qTox/blob/master/README.md#qtox
  https://github.com/qTox/qTox
  https://github.com/qTox/qTox/releases/download/v1.17.6/setup-qtox-x86_64-release.exe
  https://github.com/qTox/qTox/releases/download/v1.17.6/setup-qtox-i686-release.exe
Extracted: C:\PLEASE READ.TXT
  https://github.com/qTox/qTox/blob/master/README.md#qtox
  https://github.com/qTox/qTox
  https://github.com/qTox/qTox/releases/download/v1.17.6/setup-qtox-x86_64-release.exe
  https://github.com/qTox/qTox/releases/download/v1.17.6/setup-qtox-i686-release.exe
Targets
Target: f30fb748ce4aaf203383bcfee0ff56b7de189f12b2f7c215304870acd6448115.exe
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Access Token Manipulation (1)
  - Create Process with Token (1)
- Modify Registry (2)