878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f | Triage

Sharing

General

Target

qbittorrent_5.0.3_x64_setup.exe
Size

37.5MB
Sample

250125-m3djma1nam
MD5

83505c82e83bd2e61bd67dfcf30724cf
SHA1

5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9
SHA256

878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f
SHA512

87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833
SSDEEP

786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  qbittorrent_5.0.3_x64_setup.exe
- Size
  
  37.5MB
- MD5
  
  83505c82e83bd2e61bd67dfcf30724cf
- SHA1
  
  5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9
- SHA256
  
  878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f
- SHA512
  
  87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833
- SSDEEP
  
  786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  qbittorrent.exe
- Size
  
  35.0MB
- MD5
  
  7a47d50bdb7a84a1fa58653f55eb2697
- SHA1
  
  fd767a6225bfdcca0537043b8f647d6ce33f7d1c
- SHA256
  
  6864e1a85198efb8ecf5f26564f7565d4d4e93f1ba7e4359bc05910ad74e83f0
- SHA512
  
  8c292a2a0bd6be2dac30e0f2cefe9bfd73aaff96e0cbb1301bba283fa8eabf378bbbc2c45667ec0cb0092e92d54bc02f054fb74b51eaa9068839225c3915d753
- SSDEEP
  
  393216:FW2SJNQ3qUQh9yIB8XPxjCzzwre3kFkGVIe760wTxw1FH88qPd6AKFdu9CwJsv6f:p+bzT3kFkpeKTxwFqPI5m7
Score

3^/10
behavioral2
- Target
  
  uninst.exe
- Size
  
  138KB
- MD5
  
  69f11311116dea38b390d99ccc295b24
- SHA1
  
  eceb02f012a978f518f0928a00017fe263aeec8a
- SHA256
  
  6f0baf53513b09eee91da1e92a4ac6637e606a645b52adee5fd0402de9232548
- SHA512
  
  73fe603810ccfe1ad2d43ab9917d6adbe8c189d558ed709c7f703c7400848a18b0a989d0a5b18e6b5208ab3d7d5880dd686dea38fc32b8bee0a207436b20ba2e
- SSDEEP
  
  3072:dnPdzuK8Jdw4TMJw3uXceAuH7v6OjxaJE1WQav1vb2MyE:dnPdudwDzmuT6OjxaBQav1TsE
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3