878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f | Triage

Sharing

General

Target

qbittorrent_5.0.3_x64_setup.exe
Size

37.5MB
Sample

250125-mstg4a1kbk
MD5

83505c82e83bd2e61bd67dfcf30724cf
SHA1

5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9
SHA256

878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f
SHA512

87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833
SSDEEP

786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  qbittorrent_5.0.3_x64_setup.exe
- Size
  
  37.5MB
- MD5
  
  83505c82e83bd2e61bd67dfcf30724cf
- SHA1
  
  5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9
- SHA256
  
  878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f
- SHA512
  
  87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833
- SSDEEP
  
  786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1
- Target
  
  uninst.exe
- Size
  
  138KB
- MD5
  
  69f11311116dea38b390d99ccc295b24
- SHA1
  
  eceb02f012a978f518f0928a00017fe263aeec8a
- SHA256
  
  6f0baf53513b09eee91da1e92a4ac6637e606a645b52adee5fd0402de9232548
- SHA512
  
  73fe603810ccfe1ad2d43ab9917d6adbe8c189d558ed709c7f703c7400848a18b0a989d0a5b18e6b5208ab3d7d5880dd686dea38fc32b8bee0a207436b20ba2e
- SSDEEP
  
  3072:dnPdzuK8Jdw4TMJw3uXceAuH7v6OjxaJE1WQav1vb2MyE:dnPdudwDzmuT6OjxaBQav1TsE
Score

7^/10

discovery
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral2
- Target
  
  $PLUGINSDIR/nsisFirewallW.dll
- Size
  
  8KB
- MD5
  
  f5bf81a102de52a4add21b8a367e54e0
- SHA1
  
  cf1e76ffe4a3ecd4dad453112afd33624f16751c
- SHA256
  
  53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2
- SHA512
  
  6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256
- SSDEEP
  
  96:8SMPv+eLDUDp+weLv2lstU+0IgNB2Aa20kdArfOwJKbFrMiRsuHdRYL:wnxLDUwp6sgN2RDrzJMMmsuYL
Score

3^/10

discovery
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3