Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

a26c69aa02...c6.exe

windows7-x64

10

a26c69aa02...c6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a26c69aa02fe205f76ca769bf7424a555af0b28499e91dda4caa20c916b63cc6

  • Size

    83KB

  • Sample

    250318-jnwvwaxtbt

  • MD5

    1189c846cb20f8b2b997005abafa156e

  • SHA1

    033fa1e272de810f7795286558d62dd31403e5c3

  • SHA256

    a26c69aa02fe205f76ca769bf7424a555af0b28499e91dda4caa20c916b63cc6

  • SHA512

    794d5f842caa580a9e9dd1b83a28e5c20641657ee0b9356926120cc6f1a69008c2600314ac15409787aa565d74efa718a569369655900d8e341bcf52cd133e5a

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO3QhEjBupF:GhfxHNIreQm+HimQhEjBupF

Score
10/10
qqpassdiscoverypersistencetrojan

Malware Config

Extracted

Family

qqpass

C2

http://www.zigui.org/article.php?id=103822

Attributes
  • url

    http://www.mxm9191.com/myrunner_up.exe

  • user_agent

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Targets

    • Target

      a26c69aa02fe205f76ca769bf7424a555af0b28499e91dda4caa20c916b63cc6

    • Size

      83KB

    • MD5

      1189c846cb20f8b2b997005abafa156e

    • SHA1

      033fa1e272de810f7795286558d62dd31403e5c3

    • SHA256

      a26c69aa02fe205f76ca769bf7424a555af0b28499e91dda4caa20c916b63cc6

    • SHA512

      794d5f842caa580a9e9dd1b83a28e5c20641657ee0b9356926120cc6f1a69008c2600314ac15409787aa565d74efa718a569369655900d8e341bcf52cd133e5a

    • SSDEEP

      1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO3QhEjBupF:GhfxHNIreQm+HimQhEjBupF

    Score
    10/10
    qqpassdiscoverypersistencetrojan

    • QQpass

      QQpass is a trojan written in C++..

      trojanqqpass

    • Qqpass family

      qqpass

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks