Overview | score 9
Static | score 3
FiddlerSetup.exe | windows7-x64 | score 4
FiddlerSetup.exe | windows10-2004-x64 | score 4
$PLUGINSDI...up.exe | windows7-x64 | score 3
$PLUGINSDI...up.exe | windows10-2004-x64 | score 3
$PLUGINSDI...em.dll | windows7-x64 | score 3
$PLUGINSDI...em.dll | windows10-2004-x64 | score 3
Analytics.dll | windows7-x64 | score 1
Analytics.dll | windows10-2004-x64 | score 1
Be.Windows...ox.dll | windows7-x64 | score 1
Be.Windows...ox.dll | windows10-2004-x64 | score 1
EnableLoopback.exe | windows7-x64 | score 1
EnableLoopback.exe | windows10-2004-x64 | score 5
ExecAction.exe | windows7-x64 | score 1
ExecAction.exe | windows10-2004-x64 | score 1
FSE2.exe | windows7-x64 | score 3
FSE2.exe | windows10-2004-x64 | score 3
Fiddler.exe | windows7-x64 | score 6
Fiddler.exe | windows10-2004-x64 | score 9
ForceCPU.exe | windows7-x64 | score 1
ForceCPU.exe | windows10-2004-x64 | score 1
GA.Analyti...or.dll | windows7-x64 | score 1
GA.Analyti...or.dll | windows10-2004-x64 | score 1
ImportExpo...ts.dll | windows7-x64 | score 1
ImportExpo...ts.dll | windows10-2004-x64 | score 1
ImportExpo...rt.dll | windows7-x64 | score 1
ImportExpo...rt.dll | windows10-2004-x64 | score 1
Inspectors...on.dll | windows7-x64 | score 1
Inspectors...on.dll | windows10-2004-x64 | score 1
Inspectors...or.dll | windows7-x64 | score 1
Inspectors...or.dll | windows10-2004-x64 | score 1
Inspectors...es.dll | windows7-x64 | score 1
Inspectors...es.dll | windows10-2004-x64 | score 1
General
-
Target
19b8f95d9f53bdb62eb6a0c5c936922c.bin
-
Size
6.4MB
-
Sample
240630-bmdznsvdlq
-
MD5
19b8f95d9f53bdb62eb6a0c5c936922c
-
SHA1
a8a65ef399f0dab3db8a20da7f26a2e3f20bb42f
-
SHA256
169605839aebe681cc8f32304083932a0a710dad4d24c900a9dc17d92f6efd29
-
SHA512
968b2f984b75f9947768cd587409311cae0d0e4dae2e1575bd9e8df585fab6848dc1820d8de8b9aa39c98244de0acb82f90097e4ac4e4d4abb410ca5d4144561
-
SSDEEP
196608:rp7Z18iBSzA9tuKFddmGJfq9c1yvoOdR7:d7Z180SzKFd5FpPOv7
Static task static1
Behavioral task behavioral1 | Sample: FiddlerSetup.exe | Resource: win7-20240221-en
Behavioral task behavioral2 | Sample: FiddlerSetup.exe | Resource: win10v2004-20240508-en
Behavioral task behavioral3 | Sample: $PLUGINSDIR/FiddlerSetup.exe | Resource: win7-20240221-en
Behavioral task behavioral4 | Sample: $PLUGINSDIR/FiddlerSetup.exe | Resource: win10v2004-20240508-en
Behavioral task behavioral5 | Sample: $PLUGINSDIR/System.dll | Resource: win7-20240508-en
Behavioral task behavioral6 | Sample: $PLUGINSDIR/System.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral7 | Sample: Analytics.dll | Resource: win7-20231129-en
Behavioral task behavioral8 | Sample: Analytics.dll | Resource: win10v2004-20240611-en
Behavioral task behavioral9 | Sample: Be.Windows.Forms.HexBox.dll | Resource: win7-20240611-en
Behavioral task behavioral10 | Sample: Be.Windows.Forms.HexBox.dll | Resource: win10v2004-20240226-en
Behavioral task behavioral11 | Sample: EnableLoopback.exe | Resource: win7-20240508-en
Behavioral task behavioral12 | Sample: EnableLoopback.exe | Resource: win10v2004-20240611-en
Behavioral task behavioral13 | Sample: ExecAction.exe | Resource: win7-20240221-en
Behavioral task behavioral14 | Sample: ExecAction.exe | Resource: win10v2004-20240508-en
Behavioral task behavioral15 | Sample: FSE2.exe | Resource: win7-20240508-en
Behavioral task behavioral16 | Sample: FSE2.exe | Resource: win10v2004-20240611-en
Behavioral task behavioral17 | Sample: Fiddler.exe | Resource: win7-20231129-en
Behavioral task behavioral18 | Sample: Fiddler.exe | Resource: win10v2004-20240611-en
Behavioral task behavioral19 | Sample: ForceCPU.exe | Resource: win7-20240508-en
Behavioral task behavioral20 | Sample: ForceCPU.exe | Resource: win10v2004-20240508-en
Behavioral task behavioral21 | Sample: GA.Analytics.Monitor.dll | Resource: win7-20240611-en
Behavioral task behavioral22 | Sample: GA.Analytics.Monitor.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral23 | Sample: ImportExport/BasicFormats.dll | Resource: win7-20240611-en
Behavioral task behavioral24 | Sample: ImportExport/BasicFormats.dll | Resource: win10v2004-20240226-en
Behavioral task behavioral25 | Sample: ImportExport/VSWebTestExport.dll | Resource: win7-20240508-en
Behavioral task behavioral26 | Sample: ImportExport/VSWebTestExport.dll | Resource: win10v2004-20240508-en
Behavioral task behavioral27 | Sample: Inspectors/QWhale.Common.dll | Resource: win7-20231129-en
Behavioral task behavioral28 | Sample: Inspectors/QWhale.Common.dll | Resource: win10v2004-20240611-en
Behavioral task behavioral29 | Sample: Inspectors/QWhale.Editor.dll | Resource: win7-20240220-en
Behavioral task behavioral30 | Sample: Inspectors/QWhale.Editor.dll | Resource: win10v2004-20240611-en
Behavioral task behavioral31 | Sample: Inspectors/QWhale.Syntax.Schemes.dll | Resource: win7-20240508-en
Behavioral task behavioral32 | Sample: Inspectors/QWhale.Syntax.Schemes.dll | Resource: win10v2004-20240611-en
Malware Config
Targets
-
-
Target
FiddlerSetup.exe
-
Size
6.3MB
-
MD5
77a80b10028f9c800c5cbb5a80fde929
-
SHA1
7e8a8ce83bba6bec7b62cca06ae7680ef5c5ddec
-
SHA256
207e1a39c74a03ae535ad04fe74bc435baa777ecefaec95abe78664cd2b34690
-
SHA512
883600cb4d5114cef47dba6d7fde929c02f0f4d2baafa9dbb746fccfee92ebb6bfb02602e64dfb2c93b773abfdf8b49ac780b0c02414107761dd66e6999480bc
-
SSDEEP
98304:mIouszMd5OYRxqFu5rMnb8ELGUHjvYEarhIPAT99taafHOwRcxzv77Nd6fKnCKbX:FqzMSx3oohYTXt5WwREv77cKCKkBbYOY
Score: 4/10
-
-
Target
$PLUGINSDIR/FiddlerSetup.exe
-
Size
3.1MB
-
MD5
7e3090e237b9f252efc88d097f71ed47
-
SHA1
8a1cae86f421c4c74f7f543609826cfc472e5fa8
-
SHA256
91547aa10f5b4d1be95c7bfa289499ded2b65d1070ec6fce0208e61771df5318
-
SHA512
378d29ca00b73ff5b729d6bc39e63b61f833f7baad9d806db77ee7acab993b3b567f7e533aae2178bf8a9391bc8d205aadd72d75a29a71c0f2827196ff040afa
-
SSDEEP
98304:QIouszMd5OYRxqFu5rMnb8ELGUHjvYEarht:rqzMSx3oo8
Score: 3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
b8992e497d57001ddf100f9c397fcef5
-
SHA1
e26ddf101a2ec5027975d2909306457c6f61cfbd
-
SHA256
98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
-
SHA512
8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
-
SSDEEP
192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
Score: 3/10
-
-
Target
Analytics.dll
-
Size
32KB
-
MD5
1c2bd080b0e972a3ee1579895ea17b42
-
SHA1
a09454bc976b4af549a6347618f846d4c93b769b
-
SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
-
SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
-
SSDEEP
384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score: 1/10
-
-
Target
Be.Windows.Forms.HexBox.dll
-
Size
60KB
-
MD5
e6f7b8c5ec4d1543eaa7f5d148c6327c
-
SHA1
61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
-
SHA256
bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
-
SHA512
6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
-
SSDEEP
1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
Score: 1/10
-
-
Target
EnableLoopback.exe
-
Size
87KB
-
MD5
13072c3b2a5a405b32a60d8cf1631bbc
-
SHA1
6996ab027fe913cccb9f8e26ad0e9491d4a609b1
-
SHA256
f8ed4cb272e52b7ef2b1c2672dbc6ace9f3ef752a38ce535265cfab891c9cbff
-
SHA512
337311e0b2c0a22b749930f7212b5040d27c2b997404dc8cecfbbf89c86f2f5d5077d6157090078a8421acaa23850b24f963ba1b984b0600e9b80505bdb125c5
-
SSDEEP
768:HzEI16zcI2eTcvEWm/ljPjOPAxr25znrSh7ANg3CqnZ+6qmmlG0KdFumjDdFWf1:F1H5MiP1zrSh7WwZ3xmlGddFjjDdFWf1
Score: 5/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
ExecAction.exe
-
Size
19KB
-
MD5
519310853c0ee273a3f8787d7518dd2e
-
SHA1
22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
-
SHA256
a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
-
SHA512
30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
-
SSDEEP
192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
Score: 1/10
-
-
Target
FSE2.exe
-
Size
50KB
-
MD5
3edc1fc459ea2dc098722261ec3fbe05
-
SHA1
8fbb8efa0a3ba27d29a184a4b182ff537f82c9a8
-
SHA256
89f3cdd4c1e20eeac4d39fa709d40e8f3ebd8985a0a76673a44cf117eeeb458b
-
SHA512
a6cf1c104f8dece689cd21f7d65d510f07e86d25600f42d61838a664fbf640ead66fe4523499a38f37951faa3028bd469ad8f483287f986218f8cbfb50f3256d
-
SSDEEP
768:PhiPG/q1nVY2kh5yGJMwCH8Ufrg04g0rTpEIkGAwd:pzonVXkhVJMwCH5frgiMd
Score: 3/10
-
-
Target
Fiddler.exe
-
Size
1.4MB
-
MD5
bf4fb7029571683986ecf3a48eacd4fd
-
SHA1
5f1c4f0a79f4a0c8e96d27adbf0153a45a58cc11
-
SHA256
b0eab66bae42868d402f326a37cb0e4364d4a686eb5feb4d93325b5078c1bc0e
-
SHA512
ec240842386f28e87576720252d12c5a02ea9e2c29485d1acaea34c89a1577041462610d953a59e9e4acef4d3c566e861d6672a00d9bf196d778bf13a45bb25e
-
SSDEEP
24576:HA93BNl5yPcNBSuUsRCb/l+53flpmjaqkIw:swLzkIw
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
ForceCPU.exe
-
Size
19KB
-
MD5
b982a103b0d4e0db856026a163124bf3
-
SHA1
40772be00068bbd394ff0fccd551151a822f3e70
-
SHA256
2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
-
SHA512
214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
-
SSDEEP
192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score: 1/10
-
-
Target
GA.Analytics.Monitor.dll
-
Size
52KB
-
MD5
6f9e5c4b5662c7f8d1159edcba6e7429
-
SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6
-
SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
-
SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
-
SSDEEP
768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score: 1/10
-
-
Target
ImportExport/BasicFormats.dll
-
Size
116KB
-
MD5
0a81f697f485f316f3d013fe2643ae18
-
SHA1
296d7b5cc4f2b51545db42b92c52e40183e3f8c0
-
SHA256
c80a4f7d93f37cdf96dcb6ab2869da4cc4513993a3ea9d8b07a16b57adee0b9a
-
SHA512
d16e688fdf5c372ced38c5e08a8ab6e8dd84267177205fb4c3175cad610d4d76d8ada61bd9f26550b9bc65ba2772290e6869d772a311c948eb44e6eaa2bf5462
-
SSDEEP
3072:D7oO+xPm/sjzY4WctGYPhfhGY1rERA1TenDV++HOc2e4dFbdF0fn:UxVtTJfs2QidNd6fn
Score: 1/10
-
-
Target
ImportExport/VSWebTestExport.dll
-
Size
49KB
-
MD5
09a3037e9629d6eaa18b0121adf0b8c7
-
SHA1
f59543bb925101195193a4a3f43482600e785e55
-
SHA256
22435be7a701e6c9d421a94b53c35f1d09d388d1e9e5adfb6306a237fa16262a
-
SHA512
a0ea0829f62718c27f59fa1d83ef1e969e006f47036df0684604dbb64d54bf84f80856641757916cb7a4c371468e5da253f6a90b67195ca7e0b27f137efdfecf
-
SSDEEP
768:v12VLhSX96KTIvdF9T5T7Enn/IRXILJtGiU83aTcaOKdFKdFGfcf:AtU5Cds/LtrU83ajrdFKdFGfcf
Score: 1/10
-
-
Target
Inspectors/QWhale.Common.dll
-
Size
192KB
-
MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a
-
SHA1
593077c0d921df0819d48b627d4a140967a6b9e0
-
SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
-
SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
SSDEEP
1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score: 1/10
-
-
Target
Inspectors/QWhale.Editor.dll
-
Size
816KB
-
MD5
eaa268802c633f27fcfc90fd0f986e10
-
SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
-
SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
-
SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
SSDEEP
12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score: 1/10
-
-
Target
Inspectors/QWhale.Syntax.Schemes.dll
-
Size
284KB
-
MD5
681abb88692a8d2662c527eab350744b
-
SHA1
58bf5fdfa668c2add65a6b7edbb43eab47648821
-
SHA256
9ad5749ba1914101cd4cf2736d0e74bbb8c7abbe93fd5e83377d5cbf33ddb78d
-
SHA512
5f2a370b4bd64e03469ddaa90b7ebd75e588033dbe48ae1b111fa537e56aa13b5bd7e067126d3cc543faf45cd0595ea2355d8fa412197b61f18754e4f9876823
-
SSDEEP
1536:/YiCDgqGqtbeBLmTnNLUSgk9NPOEbg0hIc2Vrl2XuPtlPpXB1sJOm8M93f2AkkgW:abMmTnNLUSgk9NPOEL2Wg1TOV
Score: 1/10
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
Create or Modify System Process: 1
  Windows Service: 1
Event Triggered Execution: 1
  Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
  Windows Service: 1
Event Triggered Execution: 1
  Netsh Helper DLL: 1