General

  • Target

    FiddlerSetup.5.0.20243.10853-latest.exe

  • Size

    4.4MB

  • Sample

    240601-c96tmsga28

  • MD5

    68c831dc8ee4a88592e26cb79a08d410

  • SHA1

    67ffba83eac8f1b7414d7048d681240ddc747c63

  • SHA256

    174c811a5c0da930f53f29d68fcce985e88994e4bef869a04b57f399bef25bbc

  • SHA512

    af3de69884cdc9b361a8a8764ddfa2cc2c67ad7e5319f1dceb7496d8f8639a85b042bffddf9516d796f7b21ee453d66dc80b139bcc7213de43b41f92d8acf2d7

  • SSDEEP

    98304:Q3T82KbCk8NKNgKl3xpQ3Ll02nSadHnV8t7PrMT:Q3TLkCEpwx02nVdHoDrY

Score
9/10

Malware Config

Targets

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
