0d887e91da0551c333f22db3b4a5289614eb20fff63188851509e0645cc774c8

Sharing

Copy URL

Twitter E-mail

General

Target

Fiddler Everywhere 5.12.0.exe
Size

141.3MB
Sample

240701-vxrs3azerc
MD5

41d6e7f2e942f8bf8ed844228cd3d9eb
SHA1

c545226f7a1bff099acf881bdb738c90218afe7a
SHA256

0d887e91da0551c333f22db3b4a5289614eb20fff63188851509e0645cc774c8
SHA512

64c1c71b2b6c9f3cfa52a1c11a2d7971a8f9081d4d28f54fa2cc66a69f549c2ae394c1a58e81f4b74f07f84402cafb30af3be16547ca88336527a9acd64449da
SSDEEP

3145728:ayWTzxKnKlyN8UrcVb1LzgdSumCV0johP1AQWnS6kWiidjXjdMyYJqySWPp:zWJeubNVZcQsP1PsS6knWMJqAR

Score

7^/10

Malware Config

Targets

- Target
  
  Fiddler Everywhere 5.12.0.exe
- Size
  
  141.3MB
- MD5
  
  41d6e7f2e942f8bf8ed844228cd3d9eb
- SHA1
  
  c545226f7a1bff099acf881bdb738c90218afe7a
- SHA256
  
  0d887e91da0551c333f22db3b4a5289614eb20fff63188851509e0645cc774c8
- SHA512
  
  64c1c71b2b6c9f3cfa52a1c11a2d7971a8f9081d4d28f54fa2cc66a69f549c2ae394c1a58e81f4b74f07f84402cafb30af3be16547ca88336527a9acd64449da
- SSDEEP
  
  3145728:ayWTzxKnKlyN8UrcVb1LzgdSumCV0johP1AQWnS6kWiidjXjdMyYJqySWPp:zWJeubNVZcQsP1PsS6knWMJqAR
Score

7^/10

discovery execution persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral5
- Target
  
  resources/app/.eslintrc.js
- Size
  
  6KB
- MD5
  
  158443f29c52005013ce180a9077eb6d
- SHA1
  
  d66dd0789645b1779512a4df5e44bb8a189cca90
- SHA256
  
  76af8a77611df1e832f737d46a360a99618775465e89f1196e2b085ec1e9a28b
- SHA512
  
  9bab4a4fb07bb44b3141eacffd046b22341e2b99064eabe9b7b95b0c236eb0661d04a725e2392d465f654961be76a5a22c5960a98bda4d8443d7f43ca2f9c41f
- SSDEEP
  
  192:DaHeUx8DBQpvbpmSCvGFHAy5Lv7c5+gxmivjpv7UmLkAvTpyTUK7:DoLpJ5T+S
Score

3^/10

execution
behavioral6
- Target
  
  resources/app/EULA.html
- Size
  
  184KB
- MD5
  
  0892909fd72035474dd3fe0cdc76b483
- SHA1
  
  39050447945475bebbe891767dd50946e16f7384
- SHA256
  
  9bf27c7c6d660937947e5e166250d8a3f52de47015c89c469f7de7d0d15fa7f8
- SHA512
  
  b42cf19ce67f7fc56eb81fe0c5c9004b6ce1eb7b262458cf5f58b59f7b7e066e2a5546c3f21b4f9ea552eff578635be159741a789de1a4b4024f0284ccfe9e41
- SSDEEP
  
  1536:wmKmgizxZDVt0ddZRxs8hB/FSjs4mylU0O1S+Zx7fv+ircETTv7OHWKzNv1AACbq:wKg7ZrhXEYo/bUd9cbXJ
Score

1^/10
behavioral7
- Target
  
  resources/app/esbuild.reporter.config.js
- Size
  
  4KB
- MD5
  
  91fd321cd655bdf8fb66e364b3bbf7b7
- SHA1
  
  7ea10bbd5d912d035b073de419b04ac455b44644
- SHA256
  
  8f1c0597271e891a46a9cf1370a8ce611323283f0e7488f303f74c1446e602ab
- SHA512
  
  ce689bba116069cb7c4a87f8089353924fa6d81ae8b1894d88917e445aca7bdbfecd63e40e7ae9b8adc00c4e8ed0eaddb894acef4ae72dafe0697f1819963ac8
- SSDEEP
  
  96:zUp3EAwdfG+o2ggSL34YtWcHMd+UBgQ9roGv:UEA6G+o2ggSTWcsd+ugsrN
Score

3^/10

execution
behavioral8
- Target
  
  resources/app/jest.config.js
- Size
  
  123B
- MD5
  
  3a0715656bd0d5026624afdfce0b2027
- SHA1
  
  f631f68fa639a63dc62417f7867df20d6b137e04
- SHA256
  
  05d33ee64a44ff6a04d6aa2840a8d2a5ddc8ed4bfff0e8e8c7709780401f3c75
- SHA512
  
  70ba36c292bacf77b15854cd660d56dcd5b70a5629b7ddb0c590cdee82bad888e16eb466f4f7620a20daf61490072c5e4f63e8e8b1ee0d52d2a5d8e265d80a5f
Score

3^/10

execution
behavioral9
- Target
  
  resources/app/out/WebServer/AutoMapper.Extensions.Microsoft.DependencyInjection.dll
- Size
  
  12KB
- MD5
  
  6d5600bdbfe2e17f01ac07100d264051
- SHA1
  
  3b80b47f91c34d1e211142aaa61bf2bd2389daf6
- SHA256
  
  44598fe82fbfc18975212ad505e902f8adb3ac1c2a3c3530be2f1d570fad8946
- SHA512
  
  7dbc75e5cb28d92487cf6cc04478e651b59aba6c4f526d4cfbfe874eaaccc149f6c4230788055a038d91b5e6e5bd3e1f60e4fed713aa73772bf203d6c57261a5
- SSDEEP
  
  384:7bSrE5JDj9uKKKHab47/MzsFK6SIIi3r+09:fF5JDj8KKKHb70Aw6Se3r+09
Score

1^/10
behavioral10
- Target
  
  resources/app/out/WebServer/AutoMapper.dll
- Size
  
  257KB
- MD5
  
  c8a4a719cf3c0552fede21052a9fedbb
- SHA1
  
  4eb9ea3643c5e37fb6133cabdef184d85c8f70b5
- SHA256
  
  20f2c40a3873028e496a956eb8007f653e4e1b089245910ac6d63b10c3421f7f
- SHA512
  
  57fb7e56485138c68c4edb48f2cd847c82ab5c673af0ac9ab326d53f531c1c380f51cb211c52475be6d0901606ded72cdfb9594597bb00b175ae01cdbf9cf0ab
- SSDEEP
  
  3072:kiztzksO+IKSi6EJNIcEBV4Xkrlf3BwneIPFkYBFz35dgD7EX8EeErs7WmQsk8Bf:ki5sMN+L0krDCFTv4berBskwl
Score

1^/10
behavioral11
- Target
  
  resources/app/out/WebServer/BasicFormatsForCore.dll
- Size
  
  120KB
- MD5
  
  e2abc51898934545554de0309e82f18a
- SHA1
  
  265954e7ac4416285d470dc25c559c50faacc7f3
- SHA256
  
  f65fd5bccd2d8a5e9141d0b4a0e645dac2e57341882618bf33275a058a9e2387
- SHA512
  
  42ea359016bdeb8966e80b0abfac5bd1687d4ec245bf4dc553c2ef499791b87709536609ab9180f94a96f9f24584808f0c8b902311bc4fe3feb8345f6452dd5c
- SSDEEP
  
  3072:ZxGqoDcWOAXy0D8eFV+wHO3WlI/7oai2LKLo:ZxG7DB1TbIcaxK
Score

1^/10
behavioral12
- Target
  
  resources/app/out/WebServer/BouncyCastle.Cryptography.dll
- Size
  
  6.8MB
- MD5
  
  29f67c517f366b3ff65cf0de64ef4bb6
- SHA1
  
  ae5f0bcdae220ec7332763fb6956685ac381efa6
- SHA256
  
  f40e8e6cd2705822bf33d4b360a628d8ba59765e3161cf602ff15a762b392874
- SHA512
  
  714f70b61daf136e869cb8e53aeee06e6b5e73ce3aee02efb18b9619af988c656d70dc3c11b6b381d479491598c65010a3cf9b0f4b3c5bf218b4fcaadeda2b89
- SSDEEP
  
  98304:n7shAKDMFQfVTwT3Pj3jno+adQ6Z5EgveHluvNoT4S9tomfTYFNUW:aAKDMF0u7MrdQ8rvsluv67amrYn/
Score

1^/10
behavioral13
- Target
  
  resources/app/out/WebServer/Brotli.Core.dll
- Size
  
  34KB
- MD5
  
  2a8490f29080c52cbc568d9b94576546
- SHA1
  
  41ccd7efed8251f72b43bbce0535769eab9cdbe7
- SHA256
  
  7a6cf5dd3835ff3f94c59a55bb97fb8d84277b87f2b3ca4a3486774d802f6350
- SHA512
  
  821940342c0ba3359f1045f9145f9166c9b6c232aa41b378f44b9408d4857f4240647b016bcfab99315a97499528c369f2d2747135db4279f6fa21f372741984
- SSDEEP
  
  768:OCfRI1hznZLU/2u/lHlGlHlilHlGlHlXzom1WcoHcFfNu1nQ:XRIzznZLUOuM1Wco8F1AQ
Score

1^/10
behavioral14
- Target
  
  resources/app/out/WebServer/CBOR.dll
- Size
  
  189KB
- MD5
  
  7c32e2a519e373d2cde325e8fd484eda
- SHA1
  
  4338900f0cf49377bacb951a4998e0a85cb49135
- SHA256
  
  a047b48d17f1557df6e354a18a4a55c43e157aab467e786a07ddb8e39a1be17b
- SHA512
  
  9b77bde26e5c5190ff6a928b71d9ca0c9021b6b04f585320a1f6c351472bd60b0458e999cfd1cb85b71b7fce783fdb732891786aa0229021bdf84206e86bfc27
- SSDEEP
  
  3072:WWOllz/RLS7ICDw3cnRfpqvH7LA4aeDphzEFCFJUNtYkoQsBAILhC:gEIzFvHImJL
Score

1^/10
behavioral15
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.de.js
- Size
  
  869B
- MD5
  
  b7f50a746a86a8e36913445417f54c61
- SHA1
  
  4ecee5a19ffd2adcf17dd3896f36bc32b98d1b4e
- SHA256
  
  7fa7993d27d6eaad13657447247f4eb772839b35d1ae703052b1b3eb34d66b97
- SHA512
  
  f8c7ac282f88ea1d2b6cbe1e145837051f6bbe4e131e8ba8d25939cac2558b8be86c1e119f3b9e3582e44d63a170c4275c4a223c6e68d4c0520d12358ae6338d
Score

3^/10

execution
behavioral16
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.es.js
- Size
  
  890B
- MD5
  
  824217d2b699783eee33ed1a97c765ee
- SHA1
  
  31a690d5bb206cbb4a0740d9f2006908861a696d
- SHA256
  
  1a3cf6878011f1d16748e89b9c9a9426171e1bd8b95b44035c2296574b22d650
- SHA512
  
  30991347dfd24795241250393ff5f4efc52afad4d583971d02d90d785430e9843649cf9d286dac1d4326f173632c90912495a1d19b3a4b6c0e1e19b233d0e8da
Score

3^/10

execution
behavioral17
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.fr.js
- Size
  
  904B
- MD5
  
  08ebbd6de065447466eff9f284b604c7
- SHA1
  
  04b6ee162df50ff9278969d813163cfc3bf96a23
- SHA256
  
  adde07be54172c1f8d0bf800887c340f20683590f685143e08545cb93f65e4f0
- SHA512
  
  2d60dadf1468d272a73e155a9163646f23f3f76607ac483f2fb1534aac48a6fe3b14505650949718f3336255c8dfbadf2f43b60cdc964e6d1239a16427ff1763
Score

3^/10

execution
behavioral18
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.it.js
- Size
  
  879B
- MD5
  
  7049b8aa46d7165c7b71b75376b264a0
- SHA1
  
  c992121b2861b86690ff856aaeeed8ffec106ede
- SHA256
  
  dcc20dd82f72d07447879d81a4891b95784f4981d30edec739f0ee79c177d101
- SHA512
  
  ca03ab80605a3b35fca158e32cd6b3b7065abb74a7c17982b37d390e2e961aa580c6e80ffa624aed9eb7173d6ac6ef1a9c614b58bd53244486d5fa349354f3a8
Score

3^/10

execution
behavioral19
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.ja.js
- Size
  
  1KB
- MD5
  
  1e7d82166fbf8b7c9aadc54307a4da4c
- SHA1
  
  b6d3a420bb9f6049aae8d022ad20568d545d4713
- SHA256
  
  fca15cadfebc9093840fe5a1a4e449f776f2c6a218a379a07c860b0cd81a03cc
- SHA512
  
  9a0d58b9b6f449c74ab0bc225a8d9ab500a79eb4cd46d44efc4f01ca575b79b0f919d2f789f5722fd940d6e583af4177ca04c99e955d3eab8c178995bf1934d9
Score

3^/10

execution
behavioral20
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.js
- Size
  
  832B
- MD5
  
  2db6ac29f4de756fcb8884c8a7db2048
- SHA1
  
  500eb062d906b029c1b33b0e52cfa088fd21df36
- SHA256
  
  8f361db117e4acacfe9701a67b2d783680dfec798c976152336f1acd2354b136
- SHA512
  
  ca74722bca5a35da601383576531527d6ee6e5e54c7d572aa6481e2e80161aaec288e70a61cecda9e75c0b3f23b7987200440722b9504a8dbae686ddce8da760
Score

3^/10

execution
behavioral21
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.ko.js
- Size
  
  1KB
- MD5
  
  ec32b27254b6d07f7f79991a0254af7e
- SHA1
  
  e8a2ca822f1c0bb209fd8cc5d6851d58b9f5a834
- SHA256
  
  549ef2c05e581e5ffeab30ec7d1ab242652e5d0c947e79f48bfdd34a07bce6de
- SHA512
  
  3bcf8c8cbfca0f2ef2541d9c1ed1da12d7bdc20f117ffee980300521c5ef3a13d59a2488b750d665cf64a88bc7270392f0dd92ffe81d5c07e04242794df0edd9
Score

3^/10

execution
behavioral22
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.ru.js
- Size
  
  1KB
- MD5
  
  96ca5943fdaede7de2aa2b55295f8edf
- SHA1
  
  9cdc30a9a55324ca6a46e010a60fe9fdf89c5d44
- SHA256
  
  92530d3614eeb4f4f1ae02d2afafc80af8ae255f02a3f1018ab205fe35ac8a19
- SHA512
  
  d4fc1c51c488754cb5cf1d1fa4672b5e36e5f06db2859d30c3036fb5eb30ea899b35c380a2b643cf18bb6fcb6ee375c592045f311772507fd2a47e5227a467ac
Score

3^/10

execution
behavioral23
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.zh-cn.js
- Size
  
  1003B
- MD5
  
  892f0093d3c7213dcab9e2a812343d27
- SHA1
  
  b77bfeb223db178550bc5712938e0ba44717553d
- SHA256
  
  6b60ac37de348bdba766f4ae272f2b221df72eeaf2a223ca37895b39ed73399a
- SHA512
  
  5c27272068568b5e33e098a8015d862a54a00daa1d6c011eb0c2fa3f774b2aabdbeb11813a0d7815450a6751d16e96a9a480cfb58f8b10964417152983c00b99
Score

3^/10

execution
behavioral24
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/common/worker/simpleWorker.nls.zh-tw.js
- Size
  
  1021B
- MD5
  
  2117ba542a7861242d808bc87cd15857
- SHA1
  
  406b9830e64ed9991fe63d5e76cc105e780b102e
- SHA256
  
  f4a5dbbdb82ed483d4f6eb539b5a810b0109b9ff5d6f53e38637866ad76aed99
- SHA512
  
  0d185ace7ce3436832e657d2a1a7a03b6a90ebeab71e6f067450085560f56589aa0c0e00db9d65f0aa6a3ffc96d7daed043263049c0f228af4ce8307cf590cea
Score

3^/10

execution
behavioral25
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/base/worker/workerMain.js
- Size
  
  330KB
- MD5
  
  1571cdad2ca63dc3b9373ad28d90c9d1
- SHA1
  
  1539bac8ff8e579ffd6f0dc5e69e68f395363e27
- SHA256
  
  d2cd463db087b6b4d434ee204b8a85a1bd899907db506847fffd24837f38d31c
- SHA512
  
  d63c61ce150fc8dc1abb753904d852e31adcad05f0dc585661444a167e316cc1ab9d36a7472e06604448916108d14dd66fe7ca33d8c6e61d64cc780853bc06ba
- SSDEEP
  
  6144:7BwEBd/Vn8B8D4sSXTKcqlArtivhyRnyJTfGKA4:7BwEn/NX4sSXOcqAtivhAnyJDbA4
Score

3^/10

execution
behavioral26
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/basic-languages/abap/abap.js
- Size
  
  14KB
- MD5
  
  c72a91c6dceaf8ab28f853321c9f7ab1
- SHA1
  
  0cd11a0d0a361e1d8fc00e1e6131f18338458ba7
- SHA256
  
  1041cbe6db48d3d5029b5340308ac6f05531d4f7e94510f7fa309f21961da110
- SHA512
  
  6c7f3c70318eec715d145f1f10c5609996cde1dfae8bb85970e40443933bd93809b8b1d29d360f938b0085caf985af1e85fb68d6926994fd037d08cc9344b69a
- SSDEEP
  
  384:GqbFlAVJmdZoL+v0gbDzhckKq9CNWrgfiJ6an:Jg/mduY3hcFTNWrgf5an
Score

3^/10

execution
behavioral27
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/basic-languages/apex/apex.js
- Size
  
  4KB
- MD5
  
  25a0191ab9426d77bd7875892648d228
- SHA1
  
  245859fd07843204cf107b7d04b07a80b4f1b49b
- SHA256
  
  6a4aae6de04641aa3bc1d30b88db86eb5dc5ab017ac8d78642bef6c7f5fe026d
- SHA512
  
  0ea036bdead3e68952924e118513d4fdfecfc2c24fcfbd3cc22cc3277fd247c1af23b75718abb2739e71eb77acb9ef2c6802d1bc3d2d42bcb875673ca01f2735
- SSDEEP
  
  96:pQFDH6ORs8hHV//sax+rbV1+/0V1+/mQGkIlIGEuIBV/1cHhb6z7RlwGcXRqp:GF3hqA+rTx1KIlIhuABuHs9liXS
Score

3^/10

execution
behavioral28
- Target
  
  resources/app/out/WebServer/ClientApp/dist/assets/monaco-editor/min/vs/basic-languages/azcli/azcli.js
- Size
  
  1KB
- MD5
  
  aac53c97115c2987a236f4fe4d5b176c
- SHA1
  
  bd5a801bf41869a9170c92e28b993b162bb9ea7e
- SHA256
  
  972e0991059fbd8b49364bae65d712f169db604f834ad209f5be692a1754b4b3
- SHA512
  
  cb2e617aac6b5ce6e3f2722cd7cca489ba84c932aeb9062bbfd827a13b42c9a9b4a067c680f327b5c443a2c2d17743508be7e10adb12d7c6b661655aa9c90eaf
Score

3^/10

execution
behavioral29
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  466179e1c8ee8a1ff5e4427dbb6c4a01
- SHA1
  
  eb607467009074278e4bd50c7eab400e95ae48f7
- SHA256
  
  1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
- SHA512
  
  7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817
- SSDEEP
  
  192:olsHeylO012En8pqHtcE0PuAgkOyvIFc:oATI0d8pUP0WAgkBvIFc
Score

3^/10
behavioral30
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  ec0504e6b8a11d5aad43b296beeb84b2
- SHA1
  
  91b5ce085130c8c7194d66b2439ec9e1c206497c
- SHA256
  
  5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
- SHA512
  
  3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57
- SSDEEP
  
  96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
Score

3^/10
behavioral31
- Target
  
  $PLUGINSDIR/nsis7z.dll
- Size
  
  424KB
- MD5
  
  80e44ce4895304c6a3a831310fbf8cd0
- SHA1
  
  36bd49ae21c460be5753a904b4501f1abca53508
- SHA256
  
  b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
- SHA512
  
  c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df
- SSDEEP
  
  6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Command and Scripting Interpreter: PowerShell

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32