qqpass | a1437e49b0077b82a3ccb0811d776c466b45482dbccd7598a271805535ea1a2f | Triage

Sharing

General

Target

a1437e49b0077b82a3ccb0811d776c466b45482dbccd7598a271805535ea1a2f
Size

80KB
Sample

250317-km3gpsymw6
MD5

69ad0749529bcc291469e8e86d3b822c
SHA1

1a9a2cdc4547e97333af37345b34d9096ea4e055
SHA256

a1437e49b0077b82a3ccb0811d776c466b45482dbccd7598a271805535ea1a2f
SHA512

57ff8fb88887555df2d596f2de9c5d0950d51d85c0e32d2194a5b513b0c853aee0273877b0c168c6861f23873555911938c9d687af8c1a15ab6b6c8958304a7b
SSDEEP

1536:uzfMMkPZE1J7S6/PMj42VJEY4ujMepJtANuOAl0QQsIEySYndfcl:8fMNE1JG6XMk27EbpOthl0ZUed0l

Score

10^/10

qqpass discovery trojan

Malware Config

Extracted

Family

qqpass

C2

http://zc.qq.com/chs/index.html

Attributes

url
http://i2.tietuku.com/8975c2a506763d03.jpg
user_agent
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Targets

- Target
  
  a1437e49b0077b82a3ccb0811d776c466b45482dbccd7598a271805535ea1a2f
- Size
  
  80KB
- MD5
  
  69ad0749529bcc291469e8e86d3b822c
- SHA1
  
  1a9a2cdc4547e97333af37345b34d9096ea4e055
- SHA256
  
  a1437e49b0077b82a3ccb0811d776c466b45482dbccd7598a271805535ea1a2f
- SHA512
  
  57ff8fb88887555df2d596f2de9c5d0950d51d85c0e32d2194a5b513b0c853aee0273877b0c168c6861f23873555911938c9d687af8c1a15ab6b6c8958304a7b
- SSDEEP
  
  1536:uzfMMkPZE1J7S6/PMj42VJEY4ujMepJtANuOAl0QQsIEySYndfcl:8fMNE1JG6XMk27EbpOthl0ZUed0l
Score

10^/10

qqpass discovery trojan
- QQpass
  QQpass is a trojan written in C++..
  trojan qqpass
- Qqpass family
  qqpass
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qqpassdiscoverytrojan

behavioral2

qqpassdiscoverytrojan