General
-
Target
FiddlerSetup.5.0.20243.10853-latest.exe
-
Size
4.4MB
-
Sample
240601-c96tmsga28
-
MD5
68c831dc8ee4a88592e26cb79a08d410
-
SHA1
67ffba83eac8f1b7414d7048d681240ddc747c63
-
SHA256
174c811a5c0da930f53f29d68fcce985e88994e4bef869a04b57f399bef25bbc
-
SHA512
af3de69884cdc9b361a8a8764ddfa2cc2c67ad7e5319f1dceb7496d8f8639a85b042bffddf9516d796f7b21ee453d66dc80b139bcc7213de43b41f92d8acf2d7
-
SSDEEP
98304:Q3T82KbCk8NKNgKl3xpQ3Ll02nSadHnV8t7PrMT:Q3TLkCEpwx02nVdHoDrY
Static task
static1
Malware Config
Targets
-
-
Target
FiddlerSetup.5.0.20243.10853-latest.exe
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.