Wireshark-win64-3.4.0.exe

General

Target: Wireshark-win64-3.4.0.exe
Size: 58MB
Sample: 201120-txvdygyrvx
Score: 9/10
MD5: f427fe6703fdf785bae6274b9ff0cc7d
SHA1: e2dd1f2364d58f93fd44f7330a3068d5bed00154
SHA256: 32113e083409de888468e0bfe74ba98e6d618f9685a56a06f15b0506fdf4e462
SHA512: 4f6bf082cf838c910907d3e6d7b974e1fb9c8a062d19d5f270d99bd6afbe78cd37e06bfbb2c994ee97ec199c34dc53df59546f9a43ef4f7df9241c49a4dffe98

Malware Config

Targets

Target: Wireshark-win64-3.4.0.exe
MD5: f427fe6703fdf785bae6274b9ff0cc7d
Filesize: 58MB
Score: 9/10
SHA1: e2dd1f2364d58f93fd44f7330a3068d5bed00154
SHA256: 32113e083409de888468e0bfe74ba98e6d618f9685a56a06f15b0506fdf4e462
SHA512: 4f6bf082cf838c910907d3e6d7b974e1fb9c8a062d19d5f270d99bd6afbe78cd37e06bfbb2c994ee97ec199c34dc53df59546f9a43ef4f7df9241c49a4dffe98

Signatures

  • Checks for common network interception software
    Description: Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

  • Blacklisted process makes network request

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Suspicious Office macro
    Description: Office document equipped with 4.0 macros.

  • Loads dropped DLL

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder, Modify Registry

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Enumerates connected drives
    Description: Attempts to read the root path of hard drives other than the default C: drive.
    TTPs: Query Registry, Peripheral Device Discovery, System Information Discovery

  • JavaScript code in executable

  • Drops file in System32 directory

  • Modifies service
    TTPs: Modify Registry, Modify Existing Service

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation

Tasks

static1