An Analysis of the Qadars Banking Trojan
Common Information
Type Value
UUID 4105b7b5-bc32-417e-8ac7-a3471665942c
Fingerprint a40c3949eca28496
Analysis status DONE
Considered CTI value 0
Text language
Published July 23, 2015, 8:10 a.m.
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:50 p.m.
Headline UNKNOWN
Title An Analysis of the Qadars Banking Trojan
Detected Hints/Tags/Attributes 44/1/19
Attributes
Details Type #Events CTI Value
Details Domain 97
virustotal.com
Details Domain 1
soft.kcssoft.biz
Details Domain 1
ft.kcssoft.biz
Details Domain 1
linksbacksreport.com
Details File 1
%appdata%\mfzxahcb\hqhkwbsv\pmqlmktj\opqvnirgs.exe
Details File 1
c:\documents and settings\i\application data\mfzxahcb\hqhkwbsv\pmqlmktj\opqvnirgs.exe
Details File 1
netreport.php
Details File 9
dump.txt
Details md5 1
972958A65880B55A0EBD5559078C1735
Details sha256 1
563379a48d876f6c35317bb7551efeb55754123056109ab030d1e796ae1b9c2c
Details IPv4 1
9.7.2.9
Details IPv4 1
5.8.8.0
Details IPv4 1
5.5.5.9
Details IPv4 2
1.7.3.5
Details IPv4 31
2.0.0.0
Details Url 1
http://soft.kcssoft.biz/netreport.php
Details Windows Registry Key 164
HKLM\SOFTWARE\Microsoft\Windows
Details Windows Registry Key 13
HKCU\Software\Classes\CLSID
Details Windows Registry Key 9
HKEY_CURRENT_USER\Software\Classes\CLSID