5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8

Sharing

Copy URL

Twitter E-mail

General

Target

FiddlerSetup.exe
Size

6.5MB
Sample

240322-vzpfqage3s
MD5

7fd1119b5f29e4094228dabf57e65a9d
SHA1

1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
SHA256

5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
SHA512

20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787
SSDEEP

196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s

Score

9^/10

evasion

Malware Config

Targets

- Target
  
  FiddlerSetup.exe
- Size
  
  6.5MB
- MD5
  
  7fd1119b5f29e4094228dabf57e65a9d
- SHA1
  
  1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
- SHA256
  
  5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
- SHA512
  
  20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787
- SSDEEP
  
  196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s
Score

9^/10

evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FiddlerSetup.exe
- Size
  
  3.2MB
- MD5
  
  092879b4ec0b7a59be6273035da99e27
- SHA1
  
  282f2602469017d4d8401e84e248a6c138b7de97
- SHA256
  
  87d5fd5bfadffa31f6b72923be4d4a46335b3e32a4f6e306f90d04d4aed49c50
- SHA512
  
  dde4050f6a26dc0feecb7a7f2563f33db5615c15c0dd1f3e6bf8ff8aa3a4ced68a53ae66c179f56dda5a50185b5053460e63c5a0489b141d11372aacfcea4cf9
- SSDEEP
  
  98304:+9xo4q2xd3gk8wDC4ObcEUkNhvk8ZZAQr:+962sDwuahkk8ZaQr
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b8992e497d57001ddf100f9c397fcef5
- SHA1
  
  e26ddf101a2ec5027975d2909306457c6f61cfbd
- SHA256
  
  98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
- SHA512
  
  8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
- SSDEEP
  
  192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
Score

3^/10
behavioral5 behavioral6
- Target
  
  Analytics.dll
- Size
  
  32KB
- MD5
  
  1c2bd080b0e972a3ee1579895ea17b42
- SHA1
  
  a09454bc976b4af549a6347618f846d4c93b769b
- SHA256
  
  166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
- SHA512
  
  946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
- SSDEEP
  
  384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score

1^/10
behavioral7 behavioral8
- Target
  
  Be.Windows.Forms.HexBox.dll
- Size
  
  60KB
- MD5
  
  e6f7b8c5ec4d1543eaa7f5d148c6327c
- SHA1
  
  61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
- SHA256
  
  bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
- SHA512
  
  6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
- SSDEEP
  
  1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
Score

1^/10
behavioral10 behavioral9
- Target
  
  DotNetZip.dll
- Size
  
  449KB
- MD5
  
  11bbdf80d756b3a877af483195c60619
- SHA1
  
  99aca4f325d559487abc51b0d2ebd4dca62c9462
- SHA256
  
  698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1
- SHA512
  
  ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29
- SSDEEP
  
  6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff
Score

1^/10
behavioral11 behavioral12
- Target
  
  EnableLoopback.exe
- Size
  
  95KB
- MD5
  
  5d16400084f534535c922180c562bd70
- SHA1
  
  20444c63a2e6ff17a1970f8af0744c0ccfdbb659
- SHA256
  
  0ccf6f4b2f6e89ddb50b3075fd6b604ef7c0d6b13ce377781d898dcd8f9c91d7
- SHA512
  
  b9dc50aac871ff81c54e000adb1de11c17aeea75fbc80afa5f025d1efe6c79acbfd05b5de6066f084ed0e26d4287c354984195e7aa134545846d371f84063bd0
- SSDEEP
  
  768:izEI16zcI2eTcvEWm/ljPjOPAxr25znrSh7A8g3CqnZZ6qmmlGThRR2fTnR2fTT0:y1H5MiP1zrSh7JwZQxmlGKyn6hb
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  ExecAction.exe
- Size
  
  19KB
- MD5
  
  519310853c0ee273a3f8787d7518dd2e
- SHA1
  
  22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
- SHA256
  
  a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
- SHA512
  
  30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
- SSDEEP
  
  192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
Score

1^/10
behavioral15 behavioral16
- Target
  
  FSE2.exe
- Size
  
  50KB
- MD5
  
  44f37783cd2889a9eb8232c263339e68
- SHA1
  
  cd186e0bc8ecb3e063e68d5923bd5e7b165e3532
- SHA256
  
  d43b4fa2b5b61429905f707959657430fc67a2a23351757b09af15c680e6efbf
- SHA512
  
  65880a8ee81a67e866babc71988f6af31084e690b6e172cfb14c51315accef92a26a73cedac9846ba4348a01b328400d942131b5704a8f91f7c804ae1100d2fd
- SSDEEP
  
  768:VhiPG/q1nVY2kh5yGJMwvH8Ufrg04g0rTpEikGWwd:HzonVXkhVJMwvH5frgsOd
Score

3^/10
behavioral17 behavioral18
- Target
  
  Fiddler.exe
- Size
  
  1.5MB
- MD5
  
  a5b8c0f51898e9d55e4b3aa7904adf32
- SHA1
  
  5eaff276409670f3e8ce4cbb17086f1362d18868
- SHA256
  
  5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3
- SHA512
  
  6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427
- SSDEEP
  
  12288:nkcQS3I8s758yMQhaTqylrpxVKXgDPL5daRtriRStgz+/iUFu0o3AklQvleUl053:rOrc7WeJ3WZwo343m+pmjtSDN
Score

3^/10
behavioral19 behavioral20
- Target
  
  ForceCPU.exe
- Size
  
  19KB
- MD5
  
  b982a103b0d4e0db856026a163124bf3
- SHA1
  
  40772be00068bbd394ff0fccd551151a822f3e70
- SHA256
  
  2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
- SHA512
  
  214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
- SSDEEP
  
  192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score

1^/10
behavioral21 behavioral22
- Target
  
  GA.Analytics.Monitor.dll
- Size
  
  52KB
- MD5
  
  6f9e5c4b5662c7f8d1159edcba6e7429
- SHA1
  
  c7630476a50a953dab490931b99d2a5eca96f9f6
- SHA256
  
  e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
- SHA512
  
  78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
- SSDEEP
  
  768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score

1^/10
behavioral23 behavioral24
- Target
  
  ImportExport/BasicFormats.dll
- Size
  
  124KB
- MD5
  
  034faf419a2e1878f383edbcc7fb1616
- SHA1
  
  7814adc2245d920c826e92d249a3ef835df9160c
- SHA256
  
  a208720a293a0ade9bc0783cdbc351ce5c7746395c2f2fb1ee8f538de054d06d
- SHA512
  
  5f32f46701ad3c5f2336ab2a8d3043ed616b44967ce7704885dba64d09fc1376fd1fd45d7cf038755669748ba8d16dd08cbb28cbcb187a8acb1e4ac24f3bbba7
- SSDEEP
  
  3072:U7oO+xPm/sjzY4WctGYPhfhGr1rERA1TenDV++HOb2f89rv:pxVtTJfz2QQ9rv
Score

1^/10
behavioral25 behavioral26
- Target
  
  ImportExport/VSWebTestExport.dll
- Size
  
  57KB
- MD5
  
  465e56c7b9aaa00dd5ef62279317b0f2
- SHA1
  
  a5ee6ccafb59ef4e7f34c785c3ddf3c39d10e82d
- SHA256
  
  7dc516841f65a2004b127c55c320be350e13d83e2180fcf78700faaa2deeb068
- SHA512
  
  df579ecb8dc6ff4d09ad943531fa3dcca5ce507da54d04c97fd75f470dc8033a5e79b9e50d7de9c6c6598d3c36f11e5f98262e6242b40c337f60d6ac65dba581
- SSDEEP
  
  768:k12VLhSX96KTIvdF9TyT7Enn/IRXILJtGiU83aTU5lhRR2fTLcR2fTOXeN266bl:NtU5CdB/LtrU83asota86bl
Score

1^/10
behavioral27 behavioral28
- Target
  
  Inspectors/QWhale.Common.dll
- Size
  
  192KB
- MD5
  
  ac80e3ca5ec3ed77ef7f1a5648fd605a
- SHA1
  
  593077c0d921df0819d48b627d4a140967a6b9e0
- SHA256
  
  93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
- SHA512
  
  3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
- SSDEEP
  
  1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score

1^/10
behavioral29 behavioral30
- Target
  
  Inspectors/QWhale.Editor.dll
- Size
  
  816KB
- MD5
  
  eaa268802c633f27fcfc90fd0f986e10
- SHA1
  
  21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
- SHA256
  
  fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
- SHA512
  
  c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
- SSDEEP
  
  12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks for common network interception software

Modifies Windows Firewall

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32