Qiling
Qiling is a malware family classified in the Loader category and observed worldwide. The sample was identified as a modular loader designed to install additional malware on the target system. This installer, usually distributed through spam campaigns or drive-by download attacks, can be used for banking-related purposes after infiltrating the system.
History
Qiling emerged as a tool used to simulate malware behaviour within emulation and analysis framework environments. Although this framework was adopted by the malware analysis community, it is also abused by some malicious actors.
Technical Details
Loader family characteristics:
- HTTP/HTTPS C2 communication
- Payload decryption and in-memory loading
- Anti-sandbox / anti-VM checks
- Process injection
- Persistence mechanism
- Payload download-and-execute chain
Threat Profile
Type: Loader
Programming Language: Python
C2 Protocol: HTTP
First Seen: 2020
Targets: Windows
Purpose / Capabilities
- Payload Download
- Process Injection
- Persistence
- Anti-Analysis
No C2 servers have been identified for this family yet.