Qiling

Qiling is a malware family in the Loader category that is observed worldwide. The sample was identified as a modular loader designed to install additional malware on the target system. Typically distributed through spam campaigns or drive-by downloads, the loader can be used to deliver banking malware once it has infiltrated the system.

History

Qiling originated as a tool for simulating malware behaviour inside emulation and analysis framework environments. Although the framework was adopted by the malware-analysis community, it has also been abused by some malicious actors. The name is shared with the open-source Qiling Framework, a Python-based binary emulation toolkit used by analysts, so detections for this loader should not be confused with legitimate use of that framework.

Technical Details

Loader family traits: HTTP/HTTPS command-and-control, payload decryption and in-memory loading, anti-sandbox/VM checks, process injection, a persistence mechanism, and a download-and-execute chain for the payload.
Threat Profile
Type: Loader
Programming Language: Python
C2 Protocol: HTTP
First Seen: 2020
Targets: Windows
Purpose / Capabilities
  • Payload Download
  • Process Injection
  • Persistence
  • Anti-Analysis
No C2 servers have been identified for this family yet.
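The capability chain listed under Technical Details and Purpose / Capabilities (HTTP C2 and payload download, anti-analysis checks, process injection, persistence) can be correlated per process from endpoint telemetry so that a single stage on its own does not raise an alert. The Python below is an added example written for this page, not code from the Qiling sample or from any vendor tool. The log lines are constructed Sysmon-style JSON events with made-up paths, PIDs and addresses, and the stage rules (user-writable image paths, wmic/systeminfo probes as anti-analysis indicators, Run/RunOnce keys) are assumptions rather than signatures for this family.

```python
"""Correlate the loader stage chain (download -> anti-analysis -> injection ->
persistence) per process from Sysmon-style JSON events.

Added example for this page; the events below are constructed, not captured
from a real Qiling sample, and the detection rules are assumptions."""
import json
from collections import defaultdict

# Constructed Sysmon-style events (EventID 1 = process create, 3 = network
# connect, 8 = CreateRemoteThread, 13 = registry value set). Paths, PIDs and
# IPs are made up (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 4120, "ParentProcessId": 3000, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe", "CommandLine": "invoice.exe"}
{"EventID": 1, "ProcessId": 4130, "ParentProcessId": 4120, "Image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "CommandLine": "wmic computersystem get manufacturer,model"}
{"EventID": 3, "ProcessId": 4120, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 80}
{"EventID": 8, "SourceProcessId": 4120, "TargetProcessId": 2210, "TargetImage": "C:\\Windows\\explorer.exe"}
{"EventID": 13, "ProcessId": 4120, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.exe"}
{"EventID": 3, "ProcessId": 5000, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "198.51.100.7", "DestinationPort": 443}
"""

# Assumed indicators; tune to the environment being monitored.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
VM_PROBES = ("computersystem", "bios", "diskdrive", "systeminfo")  # wmic/systeminfo fingerprinting


def from_user_writable(image: str) -> bool:
    """True when the executable lives where a dropper can write without admin rights."""
    return any(marker in image.lower() for marker in USER_WRITABLE)


def correlate(log_text: str) -> dict:
    """Map each PID to the set of loader stages observed for it."""
    stages = defaultdict(set)
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        eid = ev["EventID"]
        if eid == 1:
            # A child running a hardware/VM fingerprinting query counts against the parent.
            if any(probe in ev["CommandLine"].lower() for probe in VM_PROBES):
                stages[ev["ParentProcessId"]].add("anti_analysis")
        elif eid == 3:
            # HTTP(S) from a user-writable path: candidate C2 contact / payload download.
            if ev["DestinationPort"] in (80, 443) and from_user_writable(ev["Image"]):
                stages[ev["ProcessId"]].add("payload_download")
        elif eid == 8:
            # Thread created in another process: the classic injection primitive.
            if ev["SourceProcessId"] != ev["TargetProcessId"]:
                stages[ev["SourceProcessId"]].add("process_injection")
        elif eid == 13:
            if any(key in ev["TargetObject"].lower() for key in RUN_KEYS):
                stages[ev["ProcessId"]].add("persistence")
    return dict(stages)


def flag_loader_chains(log_text: str, min_stages: int = 3) -> list:
    """PIDs that exhibit at least min_stages of the chain; one stage alone is noise."""
    return sorted(pid for pid, seen in correlate(log_text).items() if len(seen) >= min_stages)


if __name__ == "__main__":
    for pid, seen in correlate(SAMPLE_LOG).items():
        print(pid, sorted(seen))
    print("flagged:", flag_loader_chains(SAMPLE_LOG))
```

On the constructed events only PID 4120 accumulates enough stages to be flagged; the browser's HTTPS connection from Program Files matches no rule. Payload decryption and in-memory loading leave no process, network or registry event of this kind, so that stage has to come from memory scanning (for example unbacked executable regions in the injected target), not from this correlation.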