b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492

Sharing

Copy URL

Twitter E-mail

General

Target

Wireshark-4.2.4-x64.exe
Size

82.5MB
Sample

240524-lecrrace2w
MD5

c38012af36b2f24cf15f971e62e08d87
SHA1

caa0849461201937fa995afc5d2b80986c506891
SHA256

b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492
SHA512

84f1da60f8f974ccc24bbf054a40d6380865707d51401a70a19bc2d5e8a271fd68abce1b5fd14fd339cee57729e908e0aec70d7f5fb3046b03b183da4b233784
SSDEEP

1572864:qgwkqSnN5BNMnT8RjmZq2j+efj6e1u4lQ2D9jdd840ownGiwDNPjPrnrLYA:qgVqSbBinu6q2j+ixu4lQU8XhwD5PJ

Score

9^/10

discovery evasion

Malware Config

Targets

- Target
  
  Wireshark-4.2.4-x64.exe
- Size
  
  82.5MB
- MD5
  
  c38012af36b2f24cf15f971e62e08d87
- SHA1
  
  caa0849461201937fa995afc5d2b80986c506891
- SHA256
  
  b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492
- SHA512
  
  84f1da60f8f974ccc24bbf054a40d6380865707d51401a70a19bc2d5e8a271fd68abce1b5fd14fd339cee57729e908e0aec70d7f5fb3046b03b183da4b233784
- SSDEEP
  
  1572864:qgwkqSnN5BNMnT8RjmZq2j+efj6e1u4lQ2D9jdd840ownGiwDNPjPrnrLYA:qgVqSbBinu6q2j+ixu4lQU8XhwD5PJ
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10
behavioral3 behavioral4
- Target
  
  dumpcap.exe
- Size
  
  513KB
- MD5
  
  6ec151a85bc4be270f53fdca74e1562f
- SHA1
  
  e78db01a542a042ce389e57bb6caa6a0a06a70e4
- SHA256
  
  9b7f0cd671350755316e429c490c3c6c9e83a0d015ab696bc5330e8c0f410693
- SHA512
  
  84d525521b15b7bdf2b72ff89ca97350525a78d8dd2471b67a469bc4026a4d2896a5b2da2d30a386b0e1863c75121328d370e50cb44036739a48f6c8848f622c
- SSDEEP
  
  12288:Av/o2mm2R7MBiYy2PEwe/IqjAjFP9WTDl:Avg2u7MYYTPEwewqj4BsT5
Score

1^/10
behavioral5 behavioral6
- Target
  
  dumpcap.html
- Size
  
  28KB
- MD5
  
  3f273cc75d365436d2264b0717d43294
- SHA1
  
  b027f41d04a636935e179a9900dcaad5b7f8f92b
- SHA256
  
  3c9ce601f35ebe395de059c3c70a4271084ab27c48f8f07241c965cd43454a79
- SHA512
  
  fd593439f057f227cdaa50d985396315376802a176eed0b4a469d17cf891ed6152dd5e63eb37540b09d8658ead3b179aaf680c451700c6757ada21b291e27295
- SSDEEP
  
  384:zcLyTOwDtmYQjDQB0pHgjjeiGrheI2ZMyQIjM+/tIejjSqUT+IN8NbnTB86U:cySwlQjUQHgjjei4heIemvoesfG6U
Score

1^/10
behavioral7 behavioral8
- Target
  
  extcap.html
- Size
  
  8KB
- MD5
  
  f738cde79e96769d2b88f294550235e6
- SHA1
  
  bf45e4f7efdb779d874ce93c7f22044109186f0a
- SHA256
  
  6b01f9040e156292ccc5f1466618b24678f076473e0b7be65450711a266d637b
- SHA512
  
  b27fbe3f6659590ba05a43fadbdcf3a5022d1f47de36d5b628b219682487b0c03c43a681df00319f442a28e9ab861405886b4d662433005142ac7c5b9e04c7ef
- SSDEEP
  
  192:ZK1pwWZzPlmkFsOndHLk3AHDA2OkghZAp:Zqp5Zjlmmr5kc3p
Score

1^/10
behavioral10 behavioral9
- Target
  
  generic/qtuiotouchplugin.dll
- Size
  
  92KB
- MD5
  
  7b8962be1009e7feed1eb393902e590e
- SHA1
  
  807fca6ce9134f0ac4b967b3b7c39a4289abe95c
- SHA256
  
  6f6d717bb705521b5e546d2e190b0a2723abd5d3ec8eee45a9f8190a029451d0
- SHA512
  
  aa7147cd1bcdb43d61718e4db15fc4158271cdab90c97cc6ddf39b4067e2b776967b4fc5d17701ac0f1f6281d4ef0b793ad05377cc954afaccd1048134b7cc98
- SSDEEP
  
  1536:uuIdQo4xs14ruc74oi0KhxwmSIvRkpVHxbAxDUgbk8guxx:FoQpru4Ohx3SIvRiHxKD9bk8g+
Score

1^/10
behavioral11 behavioral12
- Target
  
  glib-2.0-0.dll
- Size
  
  1.2MB
- MD5
  
  fb586ba7096fddc13a2dcc6473509468
- SHA1
  
  792ca56ef25dacb6a2dbb514b2369c2fbe14d7ab
- SHA256
  
  3b5024c173e46a2bdf95247b189ae96983c17622b55b5f18d0da1ccb8114ae32
- SHA512
  
  5516e064ed2b76d7281528b4a97d12ef2977d7832920b699c17c4f1cefca861b29ff00c659a3096ca0a6be56098817eac08f7aa304dcfb51f02b573761b3e2dc
- SSDEEP
  
  24576:kkBrw3/19gl2oWb0LmdJrASjICaxqLi8krsBViBdJIvA2+fp56MWtvCMHtOH:kkrw3/19aXWbNdJrjICaxqLi8krsBViN
Score

1^/10
behavioral13 behavioral14
- Target
  
  gmodule-2.0-0.dll
- Size
  
  30KB
- MD5
  
  fd242c79df249b7ce45b55d54adb92e3
- SHA1
  
  d3bf5505fca1f4ee1bc51778444f8a2b541480ee
- SHA256
  
  91b3905256b979e4d0567689bf236543368c8998d4d7668c7824b5ba87fdf95c
- SHA512
  
  09d11787e41f2de318bb7c13514eaeb936d6545f7b0575ac392810c0d721663ec91ecd078d4e666254711e601858073e2f6927a02cbbdb9ecfb6dfb3877754de
- SSDEEP
  
  384:TyejOSqHahJOnbwZi4BYV1U4BZ7opwKNsgxCwoAM+o/8E9VF0Nydl/:TtjFqHa7OR4iNL7dgxIAMxkEN/
Score

1^/10
behavioral15 behavioral16
- Target
  
  gthread-2.0-0.dll
- Size
  
  21KB
- MD5
  
  fbde8bb097a2140961439170b8a8e485
- SHA1
  
  e32b5689b285f687c5f6fc4dbadfb18226ea4cec
- SHA256
  
  c34800f6bf9d58d476ac884a62c7f239a0128277ede988df9c5ec014a00ac8bf
- SHA512
  
  124943875da7bddcc57256f8df32ad707dd5def6c092a4955664b5ad65bb6b82b45ad85f76d104f0c14f81143bae59277600123a39f468ffa100d4b40736f47b
- SSDEEP
  
  384:NuJb5G1ojruApwKNsgxPiV5MsAM+o/8E9VF0NyXWP:NupQKq1gxwZAMxkEu
Score

1^/10
behavioral17 behavioral18
- Target
  
  iconengines/qsvgicon.dll
- Size
  
  61KB
- MD5
  
  2726ff117c0b82bd975af264475527af
- SHA1
  
  7da2ce3f12c15b554b08f8e005e4676c565fca8e
- SHA256
  
  6fd7b10d34518e09bdd7a427752320a33ab14e3a5001fd357f876392916d3e82
- SHA512
  
  716d13bfd646b60adbef1e4c0417e4b1aff88667acc193f009e9f122e4b01e0c167320f92aa25aa0baa724e3c1f340b0e986a0c1539b03944f4cf4f18dc4e22d
- SSDEEP
  
  1536:9cjQ9xCOoer+KpD3ajbyj6S+IqriFBWKMjP1tjoIbCXMhR5P9gbxk:Nq4ajbe+Iq245jP1tjoRMhR5P9gS
Score

1^/10
behavioral19 behavioral20
- Target
  
  iconv-2.dll
- Size
  
  1.0MB
- MD5
  
  1dbfa36034004755cd8d67f894ce0e5d
- SHA1
  
  8b80dfaa8b699b0040216c61ca69e66b5729895d
- SHA256
  
  91a76ecc5c6c7092ce0bec6ad495166ed4d9808b94a20e8a0fbb0640a31ac6a0
- SHA512
  
  88bcfdbc5695427913e96c0b6dc2f9b072ba8e0f74452d67d1dc07d3a400c77f697208c3d8f9cb98cf603739fb75e88cf5384f9f11ba778a223ebbcddb439bc9
- SSDEEP
  
  24576:CgHftbBAUZLYTfYlaQuwGavkg3NyXHbbTgscK6wU9:9tBAUZLYT2aQuwGaXwEsJni
Score

1^/10
behavioral21 behavioral22
- Target
  
  imageformats/qgif.dll
- Size
  
  46KB
- MD5
  
  98775acae4498a68d94b0bcfe47b5977
- SHA1
  
  a79690ab8c55e0ca6b6d0938eee575248702d30c
- SHA256
  
  bb5692e04bb59aee960b0cf1c0e6caf5ee4836537dba7e76ca3f1b3df0991722
- SHA512
  
  b68df5499892eb73792e68a5245926e71c705f8201b187186c5abba928b8f20a53d74976c6472597084621607bebed8adef473a1e778fdf0a6b3ed128534d741
- SSDEEP
  
  768:/b1BgMAbGKdSySwa0r3EDVQPi4bNqZiQzad2pWxCozDc9gxQAMxkEdl:D1tAbSXInPh4zadkWx7vugIxT
Score

1^/10
behavioral23 behavioral24
- Target
  
  imageformats/qico.dll
- Size
  
  45KB
- MD5
  
  a83bcfc80744013aa1ff36456b76ee2a
- SHA1
  
  8cf5f120510d4eb7c448660950145cafc7f70c40
- SHA256
  
  dbee8a2b275408883806a67b0570ede0abf951c8ffe4528084b2870e30c72f2c
- SHA512
  
  a19be31520eb0350b211e33f3785fb628d1abbc77ee54fc0e3a5f1268071bd4c6649d290085f821c4758bd35edb5cb9602750322484497357f0a90d01b8b4fcc
- SSDEEP
  
  768:zNh/rHNzM5yECWkF0EuXc19QAo3E3xv2gxOGAMxkEc5:xpS5fCVFBuXc19QAoU3xv2g00xw5
Score

1^/10
behavioral25 behavioral26
- Target
  
  imageformats/qjpeg.dll
- Size
  
  604KB
- MD5
  
  28639ddce20b71142eb8306305922c5b
- SHA1
  
  af2daf88ba940336c4592ad37be9755812f5ade6
- SHA256
  
  88ff62366bd60c749124a633aa10013d9c5f4bd7bb3c23a6a2ecbfa2dadbc724
- SHA512
  
  5afbbd969008aa9ed3fc61fe648dea6e91ef9d36eaffdd6c6f0d77a35320a4723f91f784e81a5e3918e4118a3a76d67ee3a7a1c4fd1114ef3d52d06b86a860c0
- SSDEEP
  
  6144:PkY20xwNvMjZM09UGzjdr9N2F6iXSh6eKUm5QSNu3a99XHBHR+29zHn8cCl4RVDw:PINvMtgXMKUvSC2eM8HvTl
Score

1^/10
behavioral27 behavioral28
- Target
  
  imageformats/qsvg.dll
- Size
  
  38KB
- MD5
  
  b07dd2cb3846ed9be76162989cc8d599
- SHA1
  
  bcfe36daf844f5da70f107f511cd8b730178be27
- SHA256
  
  d50a7077b42f4c4097c18ae5b5a5a98f2c069238600c70fed4a09b9362fad0b6
- SHA512
  
  3986472f9f3ac2d7ec4ad94e980c98444e1373207931c2f7250a66e7638f8879e3fa464904bfc81ecde889e766b464d491a4eba816efe39fa7deca36a568920c
- SSDEEP
  
  768:mEz05YLHnGW21B3zSgTkyYwE7RjgxZJOAMxkEH:sYLHnGW2tSgtYwEdjgx8xz
Score

1^/10
behavioral29 behavioral30
- Target
  
  intl-8.dll
- Size
  
  95KB
- MD5
  
  b21cd0b402000e4f20a4372b3d94facb
- SHA1
  
  75d052510445aa43059f18c0fcf0fdaef5b5ef54
- SHA256
  
  4d62ad9661460c6377eb88e46ef7ee108e0dd72d0e8da8354eb00c5caf0ed3c6
- SHA512
  
  45649883a7095adc569a72082c8024409942356e7e4f7213d8e7c7013f08126526415e1d99f391f3b2ab8f8e5580611578bf0fab84b4a79421468afddee3e43c
- SSDEEP
  
  1536:hPMqq7gvpDhtteBo1we7kCcLYVM1KIwSqNUMhEMb4004k+f/QZcFQiPESvhxNy/L:NMeDsh8VMcIwSUEMb4004NfYZ6ESvhx8
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks for common network interception software

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32