General

  • Target

    FiddlerSetup.5.0.20243.10853-latest.exe

  • Size

    4.4MB

  • Sample

    240523-alnxtaef26

  • MD5

    68c831dc8ee4a88592e26cb79a08d410

  • SHA1

    67ffba83eac8f1b7414d7048d681240ddc747c63

  • SHA256

    174c811a5c0da930f53f29d68fcce985e88994e4bef869a04b57f399bef25bbc

  • SHA512

    af3de69884cdc9b361a8a8764ddfa2cc2c67ad7e5319f1dceb7496d8f8639a85b042bffddf9516d796f7b21ee453d66dc80b139bcc7213de43b41f92d8acf2d7

  • SSDEEP

    98304:Q3T82KbCk8NKNgKl3xpQ3Ll02nSadHnV8t7PrMT:Q3TLkCEpwx02nVdHoDrY

Score
9/10

Targets

    • Target

      FiddlerSetup.5.0.20243.10853-latest.exe

    • Size

      4.4MB

    Score
    9/10
    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/FiddlerSetup.exe

    • Size

      4.4MB

    • MD5

      9cfc955fb5d23835a83883134aca8db9

    • SHA1

      3aaf8cec695c3d4457e4cec2f573c42c1bb597b1

    • SHA256

      229085282b304f9e76d1282419255201941948a7961472e00f28f09dd0a20ca2

    • SHA512

      f57591cbb90338fa374c80967992498c33f32efac441469f79627f12b01c2d28da690da8e73fa9c2f602c054fae60ac92e1bdf0860540b6f36eda752129dd56d

    • SSDEEP

      98304:vT82KbCk8NKNgKl3xpQ3Ll02nSadHnV8t7PrMB:vTLkCEpwx02nVdHoDrE

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      192639861e3dc2dc5c08bb8f8c7260d5

    • SHA1

      58d30e460609e22fa0098bc27d928b689ef9af78

    • SHA256

      23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

    • SHA512

      6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

    • SSDEEP

      192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr

    Score
    3/10
    • Target

      Analytics.dll

    • Size

      32KB

    • MD5

      1c2bd080b0e972a3ee1579895ea17b42

    • SHA1

      a09454bc976b4af549a6347618f846d4c93b769b

    • SHA256

      166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

    • SHA512

      946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

    • SSDEEP

      384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7

    Score
    1/10
    • Target

      Be.Windows.Forms.HexBox.dll

    • Size

      60KB

    • MD5

      e6f7b8c5ec4d1543eaa7f5d148c6327c

    • SHA1

      61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec

    • SHA256

      bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e

    • SHA512

      6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4

    • SSDEEP

      1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve

    Score
    1/10
    • Target

      DotNetZip.dll

    • Size

      461KB

    • MD5

      a999d7f3807564cc816c16f862a60bbe

    • SHA1

      1ee724daaf70c6b0083bf589674b6f6d8427544f

    • SHA256

      8e9c0362e9bfb3c49af59e1b4d376d3e85b13aed0fbc3f5c0e1ebc99c07345f3

    • SHA512

      6f1f73314d86ae324cc7f55d8e6352e90d4a47f0200671f7069daa98592daaceea34cf89b47defbecdda7d3b3e4682de70e80a5275567b82aa81b002958e4414

    • SSDEEP

      6144:DuCInHLhJI4FY/ixjci6ychf8xalGQGtSV41kJDsTDDpBnse6OVxLV/W:3QL32ikCaUS4csRBse6sfW

    Score
    1/10
    • Target

      EnableLoopback.exe

    • Size

      82KB

    • MD5

      a897a628beb719bf888c95d70602ee83

    • SHA1

      fe9dcec7c9c6f4f664814db6eb611a9a235a04b7

    • SHA256

      1ab2c4a1d6d2b4899f63111466e4ebf944ab2ec7917926b20028bf181b22f49a

    • SHA512

      11e6c91db91a3233bd4a68711e26144ad96f5f5b8f22004efb08a45d96e3526592ebc49aa6c20b3b8739c6091e3ffade4badefae20e07983e4ab2bc890354a05

    • SSDEEP

      1536:21H50wOLFzrSh7DwZ7xmlkcYx8PfIctGl:21H5EFzrSh7bkd8Ijl

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ExecAction.exe

    • Size

      19KB

    • MD5

      519310853c0ee273a3f8787d7518dd2e

    • SHA1

      22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8

    • SHA256

      a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272

    • SHA512

      30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d

    • SSDEEP

      192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY

    Score
    1/10
    • Target

      FSE2.exe

    • Size

      50KB

    • MD5

      b03e0f29eda6e4629646560c8cbb6b0a

    • SHA1

      dbd2d49721f4d1838a72023ce227406b6b532272

    • SHA256

      3ba5c6b11b139f4cc94b8ebb232e5743b5cf759de6dc13a21b1ed91fe9678d85

    • SHA512

      47f1a32e0c021b20b31e76004d937be36dcbadb5a33d785dd92010528d006146f6067e0b5044903bbb80ba155b0a8e45fde2ff74a020b8ae87e2a6740ccf8b5a

    • SSDEEP

      768:IhiPG/qDnv6rF+zQ3Eo8G0gsH8Ufj02e0r/pEHkGzwR:4zKniZ+z7o8/gsH5fjnrR

    Score
    3/10
    • Target

      Fiddler.exe

    • Size

      3.5MB

    • MD5

      d8d686a8e171c52a856187dd6d5b18f2

    • SHA1

      53bd857635684130bf340995e452457a61bcee23

    • SHA256

      892ff0f941cba2ef1e8d5f7ddb14002e21c95f21a132c50762a4c79ef9fdc475

    • SHA512

      fb1f026d92cd2cbcdc0ce9a4bb81a370999cca77c99c5db2b6089a510f55af9aa1c908727fe3f31de3ec8eb3142b3b1f7e2deeca641e2b9d56eb3543ebbbe714

    • SSDEEP

      49152:1eKNJIAQNW8kwdMxVZaNoZy9o1iQtGqc56S54:1eYJIAQNWvwd+G4iKGqy1i

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ForceCPU.exe

    • Size

      19KB

    • MD5

      b982a103b0d4e0db856026a163124bf3

    • SHA1

      40772be00068bbd394ff0fccd551151a822f3e70

    • SHA256

      2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d

    • SHA512

      214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327

    • SSDEEP

      192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv

    Score
    1/10
    • Target

      GA.Analytics.Monitor.dll

    • Size

      52KB

    • MD5

      6f9e5c4b5662c7f8d1159edcba6e7429

    • SHA1

      c7630476a50a953dab490931b99d2a5eca96f9f6

    • SHA256

      e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

    • SHA512

      78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

    • SSDEEP

      768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi

    Score
    1/10
    • Target

      ImportExport/BasicFormats.dll

    • Size

      112KB

    • MD5

      1a9fddba5da127c177a48e6d38545143

    • SHA1

      7fb7befd25e23de2f8ce19765a2b79abb262fc5d

    • SHA256

      74a6e70d6431196b39c96947d719fe0e6226a3c0fea97cd15ee8ca41b6005141

    • SHA512

      5b60cc17266037e764fb9aa9195801ca0850d862fdbec31968bf710d333db32fb86f672ad13711ee86b573beb345ffbe12c170cf8a87f38520354c96c347ca56

    • SSDEEP

      3072:c5zlHe5PmFt6DRIn9TQupG9H1rERA1TenjV++HOy2gsE:QlU62gt

    Score
    1/10
    • Target

      ImportExport/VSWebTestExport.dll

    • Size

      44KB

    • MD5

      96df2ae9bd6ae0e0b9ee4385d7d5f2ec

    • SHA1

      069d06bf66f194cdc929f6a8e6b3f87411af7c2f

    • SHA256

      507a68f382d9fbce799ab14d4179e81248a56e4076afc45fad72e94eddf358bf

    • SHA512

      f0d6434b738f270970eaea6cb49780dfda2041934ddd93d9357347124f85a36ff025d1b6c8e2b5a2e1eb2d93699a821eab952747dc38a295147f008f234d376a

    • SSDEEP

      768:FbJ9Yyrdng1T7Enn/IRXILJtGiU83aTDiRxqTxf1mlTAwrFw:fyE5/LtrU83ayRxCfIcsy

    Score
    1/10
    • Target

      Inspectors/QWhale.Common.dll

    • Size

      192KB

    • MD5

      ac80e3ca5ec3ed77ef7f1a5648fd605a

    • SHA1

      593077c0d921df0819d48b627d4a140967a6b9e0

    • SHA256

      93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

    • SHA512

      3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

    • SSDEEP

      1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc

    Score
    1/10
    • Target

      Inspectors/QWhale.Editor.dll

    • Size

      816KB

    • MD5

      eaa268802c633f27fcfc90fd0f986e10

    • SHA1

      21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

    • SHA256

      fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

    • SHA512

      c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

    • SSDEEP

      12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB

    Score
    1/10
    • Target

      Inspectors/QWhale.Syntax.Schemes.dll

    • Size

      284KB

    • MD5

      681abb88692a8d2662c527eab350744b

    • SHA1

      58bf5fdfa668c2add65a6b7edbb43eab47648821

    • SHA256

      9ad5749ba1914101cd4cf2736d0e74bbb8c7abbe93fd5e83377d5cbf33ddb78d

    • SHA512

      5f2a370b4bd64e03469ddaa90b7ebd75e588033dbe48ae1b111fa537e56aa13b5bd7e067126d3cc543faf45cd0595ea2355d8fa412197b61f18754e4f9876823

    • SSDEEP

      1536:/YiCDgqGqtbeBLmTnNLUSgk9NPOEbg0hIc2Vrl2XuPtlPpXB1sJOm8M93f2AkkgW:abMmTnNLUSgk9NPOEL2Wg1TOV

    Score
    1/10
    • Target

      Inspectors/QWhale.Syntax.dll

    • Size

      228KB

    • MD5

      3be64186e6e8ad19dc3559ee3c307070

    • SHA1

      2f9e70e04189f6c736a3b9d0642f46208c60380a

    • SHA256

      79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

    • SHA512

      7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

    • SSDEEP

      3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V

    Score
    1/10
    • Target

      Inspectors/Standard.dll

    • Size

      247KB

    • MD5

      0f8191a9defbcc4e27cb6d6d455bbd09

    • SHA1

      17fe3a6f0d93082e1fcca23925db99be023b65c4

    • SHA256

      e673dc35530cac477135267c41212de263798fe49b0e77ba9511eef908e4f7db

    • SHA512

      43c07afe0e53ea7007cd1718797c53c87843c04bdcae58f531a5f1cfd579c8927b0938489e158c7106a9c77ed41b4a2e4ae805449686408cd2c65908cf091f68

    • SSDEEP

      6144:jDdXkVTfwIyE8W+pl7fdQ/51ftYx2Ngzs2L3NUR/m1Nt:jDdXkiIyEV+pl7Snrxmbt

    Score
    1/10
    • Target

      Inspectors/SyntaxView.dll

    • Size

      68KB

    • MD5

      9271edebeb231896252e527ad4f2c1c5

    • SHA1

      518b8a5415b879147a9666e9c8b6ddc5841c290f

    • SHA256

      75ace796c6f2f1cafbb487b9de9fae7b33b8c6f68c56869654b0ae77618535ba

    • SHA512

      2fb2265b7fa7fbac6ecdde4fe27047f44e0d11d74f917b4d43aaf7303f5a70452e1f1b050e4545875d0f47d4dd2b7aa63d842eac39224f119a4c6aeb7dc64a02

    • SSDEEP

      1536:ESYKCJHDFPc0WIZ1zf2trbOWzIxHfIcAf:E2CRDFYIZ1zfBgggx

    Score
    1/10
    • Target

      Newtonsoft.Json.dll

    • Size

      695KB

    • MD5

      195ffb7167db3219b217c4fd439eedd6

    • SHA1

      1e76e6099570ede620b76ed47cf8d03a936d49f8

    • SHA256

      e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

    • SHA512

      56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

    • SSDEEP

      12288:GBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUO:GBjk38WuBcAbwoA/BkjSHXP36RMG/

    Score
    1/10
    • Target

      Plugins/NetworkConnections/Telerik.NetworkConnections.Windows.dll

    • Size

      33KB

    • MD5

      5889357424d717c8629c8bfabcd0be50

    • SHA1

      87e7047a40e24bd5ac23f89e072ee39a14a53023

    • SHA256

      3564b25b24569b8d8a0128f2f4bddec89c0b8986da7542d9c64aac730360a600

    • SHA512

      1af458742cefd4730d64b19ecc05460354f0e47a79cdcd7794877aa0f6c56cfb92f37a0daf66fedaec2a579eb0187d774b7d5ba1fff65d6ab1504df4c3668fad

    • SSDEEP

      768:2LpjNBBUyOzcB7RZbkTg+jO4HmBWKNTjNTlfKaE:2LB9VRpOg+jmBPFjF0aE

    Score
    1/10
    • Target

      RunNsisUninstallers.bat

    • Size

      334B

    • MD5

      adedc0065e7ede15a0d8dab1c985ddee

    • SHA1

      53803b6179deaded7c57606cea410de34bfcb301

    • SHA256

      80d570928745176a574d82e45adb33dcab7fa68f80da07038c3da415c355463b

    • SHA512

      b303123360d4c6ce787814376526ae5af035a0105fe2114d50fc9b8f6e5de8bac0db3de6a0756f6a53294bf6ec379c2ff034058eb84b2a1e510164bf816599a8

    Score
    1/10
    • Target

      ScriptEditor/Analytics.dll

    • Size

      32KB

    • MD5

      1c2bd080b0e972a3ee1579895ea17b42

    • SHA1

      a09454bc976b4af549a6347618f846d4c93b769b

    • SHA256

      166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

    • SHA512

      946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

    • SSDEEP

      384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7

    Score
    1/10
    • Target

      ScriptEditor/GA.Analytics.Monitor.dll

    • Size

      52KB

    • MD5

      6f9e5c4b5662c7f8d1159edcba6e7429

    • SHA1

      c7630476a50a953dab490931b99d2a5eca96f9f6

    • SHA256

      e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

    • SHA512

      78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

    • SSDEEP

      768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Common.dll

    • Size

      192KB

    • MD5

      ac80e3ca5ec3ed77ef7f1a5648fd605a

    • SHA1

      593077c0d921df0819d48b627d4a140967a6b9e0

    • SHA256

      93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

    • SHA512

      3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

    • SSDEEP

      1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Editor.dll

    • Size

      816KB

    • MD5

      eaa268802c633f27fcfc90fd0f986e10

    • SHA1

      21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

    • SHA256

      fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

    • SHA512

      c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

    • SSDEEP

      12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Syntax.Parsers.dll

    • Size

      1.1MB

    • MD5

      9fe6e9cfedb661c61a2c70fa75008ec3

    • SHA1

      0f6a0f4e7fc5552088d3f2dd0c0adf6f6c45b686

    • SHA256

      acff23204982780d844f5b0cbfe0bf1849c1dfe782cb4084ba2bdc9bf53f026c

    • SHA512

      a8864ee43628f667d6e0acf071fbba414ff768fe9dd302e6f9498432b3ce48a22deecfe438099a3caa684ad8e9588fae111de752c37c158eebd76e48ab67e02d

    • SSDEEP

      6144:DDsAkHPWoMvThdMlLQtRZfScxaHrlXnp55VAWvRY02OCo6+shEd2qxrGa:DDs7uounM5WSNAG2otTh

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Syntax.dll

    • Size

      228KB

    • MD5

      3be64186e6e8ad19dc3559ee3c307070

    • SHA1

      2f9e70e04189f6c736a3b9d0642f46208c60380a

    • SHA256

      79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

    • SHA512

      7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

    • SSDEEP

      3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V

    Score
    1/10
    • Target

      Scripts/FiddlerOrchestra.Addon.dll

    • Size

      46KB

    • MD5

      094270ab2522a4228925480f5a07f4bb

    • SHA1

      bb450f6931252a132c029c23b2fa10278a8c695f

    • SHA256

      c3ae6b22fc6d7a8842747fb2bdea9f89bad48b7ba0de0440cbb6f41425ef8684

    • SHA512

      01d23e7c0733c2326ec2238938aaa7c0749c74ab0966025ae2b0fec965da54eeb6ab0a097db9fe401c9110334e8f7f433060a3266d1da9a3851b41bb5bb21600

    • SSDEEP

      768:N/CVPuRQuxvtICXEI086vCNVTFzQyxQyHjNbpVQ5yUmhLx4jCxf1mlD0:N/5pEI08WCNVTPHjdvQUhLx48fII

    Score
    1/10
    • Target

      Scripts/FiddlerOrchestra.Connection.dll

    • Size

      1.8MB

    • MD5

      8dfc61a6a71de70bb8fb9e637b35611c

    • SHA1

      e6deaec2920460f7fb61cd3a9a35ff4d8ce8cb27

    • SHA256

      d7521e7e1e669ffe5a75738f55f685cba0ba4c4af1b81faa6b681678f5ad4c3f

    • SHA512

      54da6d578f40ecfdcf532285a78e287d3ca8d91dc9bde5c3fd009bf54718bbcb0696ea757cca8b77dff6bcb332bd16a834e1b90a014ac1170981d9f924a20c4d

    • SSDEEP

      49152:lkLbcPdI5jVkVyEf8MLFlBvdl7KsQ3+rLmk54anl5CfZvtx:UEBFXMfVL

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      192639861e3dc2dc5c08bb8f8c7260d5

    • SHA1

      58d30e460609e22fa0098bc27d928b689ef9af78

    • SHA256

      23d618a0293c78ce00f7c6e6dd8b8923621da7dd1f63a070163ef4c0ec3033d6

    • SHA512

      6e573d8b2ef6ed719e271fd0b2fd9cd451f61fc9a9459330108d6d7a65a0f64016303318cad787aa1d5334ba670d8f1c7c13074e1be550b4a316963ecc465cdc

    • SSDEEP

      192:ljHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZqE0QPi:R/Qlt7wiij/lMRv/9V4bfr

    Score
    3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Create or Modify System Process (T1543): 1

    • Windows Service (T1543.003): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1

    • Windows Service (T1543.003): 1

Defense Evasion

  • Impair Defenses (T1562): 1

    • Disable or Modify System Firewall (T1562.004): 1

  • Modify Registry (T1112): 2

Discovery

  • Software Discovery (T1518): 1

  • Query Registry (T1012): 4

  • System Information Discovery (T1082): 5
