qqpass | a09ad657f4de428f42e5844008a2cfed68075ba4fa5413aeb6635cb0aa6d521f | Triage

Sharing

General

Target

a09ad657f4de428f42e5844008a2cfed68075ba4fa5413aeb6635cb0aa6d521f.exe
Size

28KB
Sample

250323-gd7hhs1saw
MD5

64cdbe318ab8921f4f797545fa28eaba
SHA1

c4884a6717dc010ff0af0735a078226734b80307
SHA256

a09ad657f4de428f42e5844008a2cfed68075ba4fa5413aeb6635cb0aa6d521f
SHA512

d5cc523260bc6b2fc30cbef932757fa062f41beffe98cdb0b2fdb0a34e4a980b9789c17f7c67281dbc68a0eff593bf1b8c2911cb31d5f563da5274264204927c
SSDEEP

768:plsh/EIjPBW7LmLq0bv7rox9vXy7xj000k:pr6P8uLq0bvuR+j

Score

10^/10

qqpass discovery persistence trojan

Malware Config

Extracted

Family

qqpass

C2

http://www.rongshuxia.com/rss/viewart.rs?aid=1828

Attributes

url
http://www.mxm9191.com/myrunner_up.exe
user_agent
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

Targets

- Target
  
  a09ad657f4de428f42e5844008a2cfed68075ba4fa5413aeb6635cb0aa6d521f.exe
- Size
  
  28KB
- MD5
  
  64cdbe318ab8921f4f797545fa28eaba
- SHA1
  
  c4884a6717dc010ff0af0735a078226734b80307
- SHA256
  
  a09ad657f4de428f42e5844008a2cfed68075ba4fa5413aeb6635cb0aa6d521f
- SHA512
  
  d5cc523260bc6b2fc30cbef932757fa062f41beffe98cdb0b2fdb0a34e4a980b9789c17f7c67281dbc68a0eff593bf1b8c2911cb31d5f563da5274264204927c
- SSDEEP
  
  768:plsh/EIjPBW7LmLq0bv7rox9vXy7xj000k:pr6P8uLq0bvuR+j
Score

10^/10

qqpass discovery persistence trojan
- QQpass
  QQpass is a trojan written in C++..
  trojan qqpass
- Qqpass family
  qqpass
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

qqpassdiscoverypersistencetrojan

behavioral2

qqpassdiscoverypersistencetrojan