Overview
overview
10Static
static
3FiddlerSet...st.exe
windows10-2004-x64
10$PLUGINSDI...up.exe
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analytics.dll
windows10-2004-x64
1Be.Windows...ox.dll
windows10-2004-x64
1DotNetZip.dll
windows10-2004-x64
1EnableLoopback.exe
windows10-2004-x64
7ExecAction.exe
windows10-2004-x64
1FSE2.exe
windows10-2004-x64
3Fiddler.exe
windows10-2004-x64
9ForceCPU.exe
windows10-2004-x64
1GA.Analyti...or.dll
windows10-2004-x64
1ImportExpo...ts.dll
windows10-2004-x64
1ImportExpo...rt.dll
windows10-2004-x64
1Inspectors...on.dll
windows10-2004-x64
1Inspectors...or.dll
windows10-2004-x64
1Inspectors...es.dll
windows10-2004-x64
1Inspectors...ax.dll
windows10-2004-x64
1Inspectors...rd.dll
windows10-2004-x64
1Inspectors...ew.dll
windows10-2004-x64
1Newtonsoft.Json.dll
windows10-2004-x64
1Plugins/Ne...ws.dll
windows10-2004-x64
1RunNsisUni...rs.bat
windows10-2004-x64
1ScriptEdit...cs.dll
windows10-2004-x64
1ScriptEdit...or.dll
windows10-2004-x64
1ScriptEdit...on.dll
windows10-2004-x64
1ScriptEdit...or.dll
windows10-2004-x64
1ScriptEdit...rs.dll
windows10-2004-x64
1ScriptEdit...ax.dll
windows10-2004-x64
1Scripts/Fi...on.dll
windows10-2004-x64
1Scripts/Fi...on.dll
windows10-2004-x64
1$PLUGINSDI...em.dll
windows10-2004-x64
3General
-
Target
FiddlerSetup.5.0.20242.10753-latest.exe
-
Size
4.4MB
-
Sample
240529-slwlrsah79
-
MD5
78537045a5e032d4ac93514f027c7a47
-
SHA1
5b6e705b20652c0cf39ee890013b9b8e8ad26b07
-
SHA256
06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
-
SHA512
8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47
-
SSDEEP
98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO
Static task
static1
Behavioral task
behavioral1
Sample
FiddlerSetup.5.0.20242.10753-latest.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/FiddlerSetup.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral4
Sample
Analytics.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Be.Windows.Forms.HexBox.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral6
Sample
DotNetZip.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
EnableLoopback.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
ExecAction.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
FSE2.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral10
Sample
Fiddler.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
ForceCPU.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
GA.Analytics.Monitor.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
ImportExport/BasicFormats.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
ImportExport/VSWebTestExport.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
Inspectors/QWhale.Common.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral16
Sample
Inspectors/QWhale.Editor.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Inspectors/QWhale.Syntax.Schemes.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral18
Sample
Inspectors/QWhale.Syntax.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
Inspectors/Standard.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
Inspectors/SyntaxView.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral22
Sample
Plugins/NetworkConnections/Telerik.NetworkConnections.Windows.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
RunNsisUninstallers.bat
Resource
win10v2004-20240426-en
Behavioral task
behavioral24
Sample
ScriptEditor/Analytics.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
ScriptEditor/GA.Analytics.Monitor.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral26
Sample
ScriptEditor/QWhale.Common.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral27
Sample
ScriptEditor/QWhale.Editor.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral28
Sample
ScriptEditor/QWhale.Syntax.Parsers.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
ScriptEditor/QWhale.Syntax.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
Scripts/FiddlerOrchestra.Addon.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
Scripts/FiddlerOrchestra.Connection.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Malware Config
Extracted
C:\Users\Admin\Downloads\Ransomware.WannaCry(1)\@[email protected]
wannacry
115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
Targets
-
-
Target
FiddlerSetup.5.0.20242.10753-latest.exe
-
Size
4.4MB
-
MD5
78537045a5e032d4ac93514f027c7a47
-
SHA1
5b6e705b20652c0cf39ee890013b9b8e8ad26b07
-
SHA256
06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
-
SHA512
8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47
-
SSDEEP
98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
-
-
Target
$PLUGINSDIR/FiddlerSetup.exe
-
Size
4.3MB
-
MD5
5d96b95b066d797c7c468d125882ddcf
-
SHA1
8a130db5e4f6207b70939c5007d6689c22378c7d
-
SHA256
7ea1a09eeab47eb4658938bf4a023c6231de726ad076fde189c3383ffb4091fe
-
SHA512
fd746263b0aad96e90468aac664a3f02af20c2291e03138cf201d68036bd8ce26cc36b5fdc4e97ae5f93c65a5660de91988e3ee7156359de509fea9b4308550a
-
SSDEEP
98304:uB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:uRdnRkgCNGyJ/IJYR7vsOKwGYO
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
4add245d4ba34b04f213409bfe504c07
-
SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
-
SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
-
SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
SSDEEP
192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score3/10 -
-
-
Target
Analytics.dll
-
Size
32KB
-
MD5
1c2bd080b0e972a3ee1579895ea17b42
-
SHA1
a09454bc976b4af549a6347618f846d4c93b769b
-
SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
-
SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
-
SSDEEP
384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score1/10 -
-
-
Target
Be.Windows.Forms.HexBox.dll
-
Size
60KB
-
MD5
e6f7b8c5ec4d1543eaa7f5d148c6327c
-
SHA1
61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
-
SHA256
bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
-
SHA512
6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
-
SSDEEP
1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
Score1/10 -
-
-
Target
DotNetZip.dll
-
Size
449KB
-
MD5
11bbdf80d756b3a877af483195c60619
-
SHA1
99aca4f325d559487abc51b0d2ebd4dca62c9462
-
SHA256
698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1
-
SHA512
ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29
-
SSDEEP
6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff
Score1/10 -
-
-
Target
EnableLoopback.exe
-
Size
82KB
-
MD5
ea240c9d733ad54a79faaca19ba8d376
-
SHA1
2c1d1b3aa6aec6e6e7af7f64637029971a37ba77
-
SHA256
2c2aa55ab99b5a34eb78ded93e46c4d5fef44077847281e124473c20de5cf165
-
SHA512
d3815bf7b5af7aa5dbf717f404bdac9538adeaff57cf6ec38c3724d7179fb1f31231009941a671bdd15516e47ff346afa8738bc399c4e57cb840def6821f6464
-
SSDEEP
768:JyEI16zcI2eTcvE+m/ljPb0O7/Al25znrSh7A+g4CqnZ86qmmlk8x3Oqxf1mlZxd:K1H50wOLFzrSh7QwZhxmlk8xDfInfZ
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
ExecAction.exe
-
Size
19KB
-
MD5
519310853c0ee273a3f8787d7518dd2e
-
SHA1
22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
-
SHA256
a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
-
SHA512
30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
-
SSDEEP
192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
Score1/10 -
-
-
Target
FSE2.exe
-
Size
50KB
-
MD5
7a8df7276257139271a09a8947da44e5
-
SHA1
965c788156e2e29b6d1012430afee0cad13093b0
-
SHA256
8b0b9859af32d467fb7031ac8164779ffdb274cdaff959d89d11a65a365c8e12
-
SHA512
2769f62f0de76726c33cb0eae42c933806ddceae6c1f97d16302c575a8955fe33d4388824ca2a2c1269b09755e42b82fa5dceca825bd19e3e83ed43f97ca1f79
-
SSDEEP
768:ShiPG/qCn02KhWZH8Ufrg04g0r/pECkG9wR:KzrnKhWZH5frgc1R
Score3/10 -
-
-
Target
Fiddler.exe
-
Size
3.5MB
-
MD5
32cf2e7c6ae825d5f7cb2a7d39c2ee24
-
SHA1
262176d879e7727375025cae4aafc90698adad26
-
SHA256
d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5
-
SHA512
a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2
-
SSDEEP
49152:0Ms91NvXsJm+5Tti9og1fcaufet3YG5kCTnEsRH0jgB3:RsfNvXsJm+5TtiTMfeJnEsRHAgt
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
ForceCPU.exe
-
Size
19KB
-
MD5
b982a103b0d4e0db856026a163124bf3
-
SHA1
40772be00068bbd394ff0fccd551151a822f3e70
-
SHA256
2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
-
SHA512
214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
-
SSDEEP
192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score1/10 -
-
-
Target
GA.Analytics.Monitor.dll
-
Size
52KB
-
MD5
6f9e5c4b5662c7f8d1159edcba6e7429
-
SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6
-
SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
-
SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
-
SSDEEP
768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score1/10 -
-
-
Target
ImportExport/BasicFormats.dll
-
Size
112KB
-
MD5
c9082ffd90962aac6d73d4f15d6803cb
-
SHA1
c22fc9a534c9560870c9a0a8d7c694788c69fa8c
-
SHA256
7f3ea7caf5d43f610b9ad20f3f09796847e4b8f4582dc6ff94029194e8905e0a
-
SHA512
96bf93650a007c1dbf197a849977b8bb574fa89fd9eb316f906f46b2194473347ecacbab572a4dfb7ffe0987d44caa29312a7b1fbc3d8f14a6a0bda14e5e86e2
-
SSDEEP
3072:z5zlHe5PmFt6DRIn9TQupG9c1rERA1TenjV++HOHbIE:rlUJ2g
Score1/10 -
-
-
Target
ImportExport/VSWebTestExport.dll
-
Size
44KB
-
MD5
7ee8a7354eff978914cfbe88620fa15f
-
SHA1
28cb0017666f583011e4cdc28496359d0ef2721f
-
SHA256
4b990716c98167940986b1d219ea7d60bc8ff11eb0a325cf52f8706d2759a32d
-
SHA512
8db5641837a64b3310f7b05ebb648c5bab2d8b51afabbdc5fe08011eb664516c0ca9e1bec8520870f121cb3a2b62c380933684237a2810f096fb70065a55abb8
-
SSDEEP
768:HbJ9YyrdngCT7Enn/IRXILJtGiU83aT7TTox1qxf1mlZxfmK:FyEI/LtrU83aXoxKfInfm
Score1/10 -
-
-
Target
Inspectors/QWhale.Common.dll
-
Size
192KB
-
MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a
-
SHA1
593077c0d921df0819d48b627d4a140967a6b9e0
-
SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
-
SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
SSDEEP
1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score1/10 -
-
-
Target
Inspectors/QWhale.Editor.dll
-
Size
816KB
-
MD5
eaa268802c633f27fcfc90fd0f986e10
-
SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
-
SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
-
SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
SSDEEP
12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score1/10 -
-
-
Target
Inspectors/QWhale.Syntax.Schemes.dll
-
Size
284KB
-
MD5
681abb88692a8d2662c527eab350744b
-
SHA1
58bf5fdfa668c2add65a6b7edbb43eab47648821
-
SHA256
9ad5749ba1914101cd4cf2736d0e74bbb8c7abbe93fd5e83377d5cbf33ddb78d
-
SHA512
5f2a370b4bd64e03469ddaa90b7ebd75e588033dbe48ae1b111fa537e56aa13b5bd7e067126d3cc543faf45cd0595ea2355d8fa412197b61f18754e4f9876823
-
SSDEEP
1536:/YiCDgqGqtbeBLmTnNLUSgk9NPOEbg0hIc2Vrl2XuPtlPpXB1sJOm8M93f2AkkgW:abMmTnNLUSgk9NPOEL2Wg1TOV
Score1/10 -
-
-
Target
Inspectors/QWhale.Syntax.dll
-
Size
228KB
-
MD5
3be64186e6e8ad19dc3559ee3c307070
-
SHA1
2f9e70e04189f6c736a3b9d0642f46208c60380a
-
SHA256
79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c
-
SHA512
7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78
-
SSDEEP
3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V
Score1/10 -
-
-
Target
Inspectors/Standard.dll
-
Size
247KB
-
MD5
3d70b43bf339c0ee8a5b858aa3174cfa
-
SHA1
a0de61687cd2a72b91d6a4dbd2fed2fa202ac0ae
-
SHA256
ceb5f94b822655ea47babffff72763e2de2497135b473afbd47984d5fbcb4478
-
SHA512
6cc53d58292222862fe69da44e61a67d48cda6fbe02cdb8a55053889882278b01105d7752655eaa63db8ee06cd04fae33f3558db1be73d0470286051a0c39737
-
SSDEEP
6144:aDdXkVTfwIyE8W+pl7fIQ/51ftYx2Ngzs2L3NUR/m1N:aDdXkiIyEV+pl7tnrxmb
Score1/10 -
-
-
Target
Inspectors/SyntaxView.dll
-
Size
68KB
-
MD5
ae5a16a270723a069a3d219318639ae2
-
SHA1
b192159d2ef1807f0595c2ae0d5c0a15bd80b43b
-
SHA256
47745b08fec912dc59c54d18ede668261faa920f8cc9b38129b112dcddcbdcc6
-
SHA512
db589b02c2b076df91d858b8e0304f27dc216c2ca514bef5918d79848958a3d89d0dc243615ce9f6323ef01a19ab1dcb74786fc5a7dfa253634f88d689070697
-
SSDEEP
1536:gSYKCJHDFPc0WIQ1zf2trjOWzwxhFfInflc:g2CRDFYIQ1zfBg40
Score1/10 -
-
-
Target
Newtonsoft.Json.dll
-
Size
647KB
-
MD5
5afda7c7d4f7085e744c2e7599279db3
-
SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261
-
SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4
-
SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944
-
SSDEEP
6144:3o4V9ynqKoxhi0gAsfLBhJJzhGIVrdhoHuLFGAJmKApt5psaLGBFahKGRd67XLEm:LyncxQRhJJzhoqgH5sB4dxHG
Score1/10 -
-
-
Target
Plugins/NetworkConnections/Telerik.NetworkConnections.Windows.dll
-
Size
33KB
-
MD5
5889357424d717c8629c8bfabcd0be50
-
SHA1
87e7047a40e24bd5ac23f89e072ee39a14a53023
-
SHA256
3564b25b24569b8d8a0128f2f4bddec89c0b8986da7542d9c64aac730360a600
-
SHA512
1af458742cefd4730d64b19ecc05460354f0e47a79cdcd7794877aa0f6c56cfb92f37a0daf66fedaec2a579eb0187d774b7d5ba1fff65d6ab1504df4c3668fad
-
SSDEEP
768:2LpjNBBUyOzcB7RZbkTg+jO4HmBWKNTjNTlfKaE:2LB9VRpOg+jmBPFjF0aE
Score1/10 -
-
-
Target
RunNsisUninstallers.bat
-
Size
334B
-
MD5
adedc0065e7ede15a0d8dab1c985ddee
-
SHA1
53803b6179deaded7c57606cea410de34bfcb301
-
SHA256
80d570928745176a574d82e45adb33dcab7fa68f80da07038c3da415c355463b
-
SHA512
b303123360d4c6ce787814376526ae5af035a0105fe2114d50fc9b8f6e5de8bac0db3de6a0756f6a53294bf6ec379c2ff034058eb84b2a1e510164bf816599a8
Score1/10 -
-
-
Target
ScriptEditor/Analytics.dll
-
Size
32KB
-
MD5
1c2bd080b0e972a3ee1579895ea17b42
-
SHA1
a09454bc976b4af549a6347618f846d4c93b769b
-
SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
-
SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
-
SSDEEP
384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score1/10 -
-
-
Target
ScriptEditor/GA.Analytics.Monitor.dll
-
Size
52KB
-
MD5
6f9e5c4b5662c7f8d1159edcba6e7429
-
SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6
-
SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
-
SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
-
SSDEEP
768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score1/10 -
-
-
Target
ScriptEditor/QWhale.Common.dll
-
Size
192KB
-
MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a
-
SHA1
593077c0d921df0819d48b627d4a140967a6b9e0
-
SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
-
SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
SSDEEP
1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score1/10 -
-
-
Target
ScriptEditor/QWhale.Editor.dll
-
Size
816KB
-
MD5
eaa268802c633f27fcfc90fd0f986e10
-
SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
-
SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
-
SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
SSDEEP
12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score1/10 -
-
-
Target
ScriptEditor/QWhale.Syntax.Parsers.dll
-
Size
1.1MB
-
MD5
9fe6e9cfedb661c61a2c70fa75008ec3
-
SHA1
0f6a0f4e7fc5552088d3f2dd0c0adf6f6c45b686
-
SHA256
acff23204982780d844f5b0cbfe0bf1849c1dfe782cb4084ba2bdc9bf53f026c
-
SHA512
a8864ee43628f667d6e0acf071fbba414ff768fe9dd302e6f9498432b3ce48a22deecfe438099a3caa684ad8e9588fae111de752c37c158eebd76e48ab67e02d
-
SSDEEP
6144:DDsAkHPWoMvThdMlLQtRZfScxaHrlXnp55VAWvRY02OCo6+shEd2qxrGa:DDs7uounM5WSNAG2otTh
Score1/10 -
-
-
Target
ScriptEditor/QWhale.Syntax.dll
-
Size
228KB
-
MD5
3be64186e6e8ad19dc3559ee3c307070
-
SHA1
2f9e70e04189f6c736a3b9d0642f46208c60380a
-
SHA256
79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c
-
SHA512
7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78
-
SSDEEP
3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V
Score1/10 -
-
-
Target
Scripts/FiddlerOrchestra.Addon.dll
-
Size
47KB
-
MD5
2d94327624f5787df9d0e87dac28987f
-
SHA1
902450afd77bed60d508d482502c562ef332342f
-
SHA256
acc04fec692c7f5e6806fb14b8d3efa3d6670830c74a59d02613bc444db2dbda
-
SHA512
d93454e51c984488f24d255523a6453625063ac44dcddd42934e4cc9c10b9940a1f7d69689b224620d08e9a24d0e109a8346f23690d37993f9b4e3bf37831735
-
SSDEEP
768:4/CVPuRQuxvtICmEI086vCNVTFzQyxQyHjNbpVu5yUJhFx06qxf1mlZxfyKEU:4/5YEI08WCNVTPHjdvunhFxefInfy
Score1/10 -
-
-
Target
Scripts/FiddlerOrchestra.Connection.dll
-
Size
1.8MB
-
MD5
f368e19ccee6123b3e56db718359dc29
-
SHA1
eaa31f6792aa2c350d28dd0ff86ce79b37eab8f6
-
SHA256
2149bef279127adffc549f9311d6ec4f69b09492210f81147989d23663f2e6b7
-
SHA512
b4849e21fb1cfa3bcb9409884b88f52fa222bd6536df3a9117da6f5a8b9082b603b2f4a6e7575ddad8729a4519e7b87c8b8bff462a96362842781a6e3efc166c
-
SSDEEP
49152:ukLbcPdI5jVkVyEf8MLFlB/dl7KsQ3+rLmk54adK5CfMANogrSPg:9EBFXJfJgg
Score1/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
12KB
-
MD5
4add245d4ba34b04f213409bfe504c07
-
SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
-
SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
-
SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
SSDEEP
192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score3/10 -
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Defense Evasion
File and Directory Permissions Modification
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1File Deletion
1Modify Registry
5Subvert Trust Controls
1Install Root Certificate
1