General

  • Target

    QPST.WIN.2.7 Installer-00425.1.zip

  • Size

    25.7MB

  • Sample

    241118-dbkdesxbjr

  • MD5

    b9877ebd5871ca463e9f726d992b9a6f

  • SHA1

    548d5dc6da9226c2f5df69e7b92d24e3137f1332

  • SHA256

    e29be9c5768052538cd18a6ba5b5ca7371b642ad3692c84e077ab693bcda4f00

  • SHA512

    7bea4b751def3ee8a53134d20623629b04cc7d380604f0c2975037f9a4f60715376ecb08c7617764446dc76fd173f2bf13b959d84b6688e9690ca0faa3eacf41

  • SSDEEP

    393216:q/DVnhKRKydA+PoOcZ6vHh/atVexcYZq14+grylqNbk0yWlLWPoBzD998S8w:OGMz6HhytkxBZqC+IyGXRlLsoBzD99bF

Targets

    • Target

      QPST.WIN.2.7 Installer-00425.1.zip

    • Size

      25.7MB

    • MD5

      b9877ebd5871ca463e9f726d992b9a6f

    • SHA1

      548d5dc6da9226c2f5df69e7b92d24e3137f1332

    • SHA256

      e29be9c5768052538cd18a6ba5b5ca7371b642ad3692c84e077ab693bcda4f00

    • SHA512

      7bea4b751def3ee8a53134d20623629b04cc7d380604f0c2975037f9a4f60715376ecb08c7617764446dc76fd173f2bf13b959d84b6688e9690ca0faa3eacf41

    • SSDEEP

      393216:q/DVnhKRKydA+PoOcZ6vHh/atVexcYZq14+grylqNbk0yWlLWPoBzD998S8w:OGMz6HhytkxBZqC+IyGXRlLsoBzD99bF

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Detected potential entity reuse from brand PAYPAL.

    • Drops file in System32 directory

    • Target

      QPST.2.7.425.msi

    • Size

      18.8MB

    • MD5

      22de8c14c311b0765fb2456fd1b69963

    • SHA1

      8ea5b404dbb35cf45d34f2d7e46b258eb1b92829

    • SHA256

      64a76a6ccc9f2623f8a12be8c2ae04b409144df06ca9a64845d3a1355c1609a2

    • SHA512

      89659f530abb0a149e002afaa98270435b2ea0b1fcc89edc7e1837f6f8ff312aa6847b2b1856ad8cce48334621a261395f6b9391ff1bf7262d1c137a8ae5baf1

    • SSDEEP

      393216:J5QL/7p6A3z5sG2myiirQjMmphm2k1QM5N+SM:zqUAlsHvi6YMsm/1QMrx

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Target

      setup.exe

    • Size

      392KB

    • MD5

      e5d30497b14d5a2779aa07feb2fb66af

    • SHA1

      c5481f5bee98f3de66d78e1462edcf4bdb57d69f

    • SHA256

      dd4c4711211900ce631901d0c24497b2b92eb116c39bef62ff2139cb2da60412

    • SHA512

      a27ba1a83d09dd57f93e5e8d113671a65ade9947a88311ae84b3b8f3aeab119fe8d3e60089d2801bbe103d35d9657850d650f94580d54e98f1a3b604b0433b1a

    • SSDEEP

      6144:wqIpd/w8ylWKxavR+dJ1oMBClrbMAo+nhmuFfvY0SHZvuD3+ojDuUlXzeO:w7IRWDvFa+nhmuF3Y0sc+eDuUlXy

    • Score

      7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Target

      vcredist_x86/vcredist_x86.exe

    • Size

      8.6MB

    • MD5

      1801436936e64598bab5b87b37dc7f87

    • SHA1

      28c54491be70c38c97849c3d8cfbfdd0d3c515cb

    • SHA256

      67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d

    • SHA512

      0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c

    • SSDEEP

      196608:e9A3DAnfudQZKuNK0kMp2Wxw2tr3aA5Jegn9kaK6Hj0aaNz9ZBJ7C:t3DAnGKZKuNK0SvAn9kaK6gaaNRZbC

    • Score

      7/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.
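As an added triage example (not part of the sandbox report), the following Python script hashes a candidate installer archive and each of its members with the standard library and compares the digests against the MD5/SHA-1/SHA-256/SHA-512 values listed above. A hit on every algorithm for a member identifies it as the same artifact the report analysed; a hit on only some algorithms is worth investigating rather than trusting. The SSDEEP values are omitted because computing them requires the external ssdeep library, and the helper names are my own.

```python
"""Check a candidate QPST installer zip against the hashes in this report.

Added example, not code from the sandbox or the report. Only stdlib hashes
are computed; SSDEEP is left out because it needs the external ssdeep module.
"""
import hashlib
import io
import zipfile

# Indicators copied from the report, keyed by the report's target name.
REPORT_IOCS = {
    "QPST.WIN.2.7 Installer-00425.1.zip": {
        "md5": "b9877ebd5871ca463e9f726d992b9a6f",
        "sha1": "548d5dc6da9226c2f5df69e7b92d24e3137f1332",
        "sha256": "e29be9c5768052538cd18a6ba5b5ca7371b642ad3692c84e077ab693bcda4f00",
        "sha512": "7bea4b751def3ee8a53134d20623629b04cc7d380604f0c2975037f9a4f60715376ecb08c7617764446dc76fd173f2bf13b959d84b6688e9690ca0faa3eacf41",
    },
    "QPST.2.7.425.msi": {
        "md5": "22de8c14c311b0765fb2456fd1b69963",
        "sha1": "8ea5b404dbb35cf45d34f2d7e46b258eb1b92829",
        "sha256": "64a76a6ccc9f2623f8a12be8c2ae04b409144df06ca9a64845d3a1355c1609a2",
        "sha512": "89659f530abb0a149e002afaa98270435b2ea0b1fcc89edc7e1837f6f8ff312aa6847b2b1856ad8cce48334621a261395f6b9391ff1bf7262d1c137a8ae5baf1",
    },
    "setup.exe": {
        "md5": "e5d30497b14d5a2779aa07feb2fb66af",
        "sha1": "c5481f5bee98f3de66d78e1462edcf4bdb57d69f",
        "sha256": "dd4c4711211900ce631901d0c24497b2b92eb116c39bef62ff2139cb2da60412",
        "sha512": "a27ba1a83d09dd57f93e5e8d113671a65ade9947a88311ae84b3b8f3aeab119fe8d3e60089d2801bbe103d35d9657850d650f94580d54e98f1a3b604b0433b1a",
    },
    "vcredist_x86/vcredist_x86.exe": {
        "md5": "1801436936e64598bab5b87b37dc7f87",
        "sha1": "28c54491be70c38c97849c3d8cfbfdd0d3c515cb",
        "sha256": "67313b3d1bc86e83091e8de22981f14968f1a7fb12eb7ad467754c40cd94cc3d",
        "sha512": "0b8f20b0f171f49eb49367f1aafa7101e1575ef055d7007197c21ab8fe8d75a966569444449858c31bd147357d2bf5a5bd623fe6c4dbabdc7d16999b3256ab8c",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return hex digests for all four algorithms in a single pass over data."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    view = memoryview(data)
    chunk_size = 1 << 20  # 1 MiB chunks so a 25 MB installer is not hashed byte by byte
    for off in range(0, len(view), chunk_size):
        chunk = view[off:off + chunk_size]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Map each algorithm that matches a listed value to the report target it belongs to.

    Per-algorithm results (rather than one boolean) expose a partial match,
    which points at a transcription error in the indicator list or a
    manipulated hash rather than a clean identification.
    """
    hits = {}
    for target, listed in iocs.items():
        for algo, value in listed.items():
            if digests.get(algo) == value.lower():
                hits[algo] = target
    return hits


def check_zip(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Hash the archive and every file inside it; return {path: hits}.

    The outer archive is reported under the key "<archive>". Members are read
    one at a time, so nothing from the installer is written to disk.
    """
    results = {"<archive>": match_report(digest_bytes(data), iocs)}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                results[info.filename] = match_report(digest_bytes(member.read()), iocs)
    return results


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        for name, hits in check_zip(fh.read()).items():
            status = ", ".join(f"{a}={t}" for a, t in sorted(hits.items())) or "no match"
            print(f"{name}: {status}")
```

Run it as `python check_qpst.py "QPST.WIN.2.7 Installer-00425.1.zip"` (script name assumed). Because the nested MSI, `setup.exe` and `vcredist_x86.exe` are listed with their own hashes, a zip that matches at the archive level should also match on each of those members; a member that does not is the place to start looking.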

MITRE ATT&CK Enterprise v15