Overview
overview: score 9/10
static: score 3/10
FiddlerSetup.exe (windows10-1703-x64): score 9/10
$PLUGINSDI...up.exe (windows10-1703-x64): score 3/10
$PLUGINSDI...em.dll (windows10-1703-x64): score 3/10
Analytics.dll (windows10-1703-x64): score 1/10
Be.Windows...ox.dll (windows10-1703-x64): score 1/10
DotNetZip.dll (windows10-1703-x64): score 1/10
EnableLoopback.exe (windows10-1703-x64): score 5/10
ExecAction.exe (windows10-1703-x64): score 1/10
FSE2.exe (windows10-1703-x64): score 9/10
Fiddler.exe (windows10-1703-x64): score 9/10
ForceCPU.exe (windows10-1703-x64): score 1/10
GA.Analyti...or.dll (windows10-1703-x64): score 1/10
ImportExpo...ts.dll (windows10-1703-x64): score 1/10
ImportExpo...rt.dll (windows10-1703-x64): score 1/10
Inspectors...on.dll (windows10-1703-x64): score 1/10
Inspectors...or.dll (windows10-1703-x64): score 1/10
Inspectors...es.dll (windows10-1703-x64): score 1/10
Inspectors...ax.dll (windows10-1703-x64): score 1/10
Inspectors...rd.dll (windows10-1703-x64): score 1/10
Inspectors...ew.dll (windows10-1703-x64): score 1/10
Newtonsoft.Json.dll (windows10-1703-x64): score 1/10
Plugins/Ne...ws.dll (windows10-1703-x64): score 1/10
RunNsisUni...rs.bat (windows10-1703-x64): score 1/10
ScriptEdit...cs.dll (windows10-1703-x64): score 1/10
ScriptEdit...or.dll (windows10-1703-x64): score 1/10
ScriptEdit...on.dll (windows10-1703-x64): score 1/10
ScriptEdit...or.dll (windows10-1703-x64): score 1/10
ScriptEdit...rs.dll (windows10-1703-x64): score 1/10
ScriptEdit...ax.dll (windows10-1703-x64): score 1/10
Scripts/Fi...on.dll (windows10-1703-x64): score 1/10
Scripts/Fi...on.dll (windows10-1703-x64): score 1/10
$PLUGINSDI...em.dll (windows10-1703-x64): score 3/10
General
-
Target
FiddlerSetup.exe
-
Size
6.5MB
-
Sample
240724-c97e6stfrp
-
MD5
7fd1119b5f29e4094228dabf57e65a9d
-
SHA1
1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
-
SHA256
5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
-
SHA512
20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787
-
SSDEEP
196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s
Static task
static1
Behavioral task
behavioral1
Sample
FiddlerSetup.exe
Resource
win10-20240611-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/FiddlerSetup.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Analytics.dll
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
Be.Windows.Forms.HexBox.dll
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
DotNetZip.dll
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
EnableLoopback.exe
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
ExecAction.exe
Resource
win10-20240611-en
Behavioral task
behavioral9
Sample
FSE2.exe
Resource
win10-20240404-en
Behavioral task
behavioral10
Sample
Fiddler.exe
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
ForceCPU.exe
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
GA.Analytics.Monitor.dll
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
ImportExport/BasicFormats.dll
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
ImportExport/VSWebTestExport.dll
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
Inspectors/QWhale.Common.dll
Resource
win10-20240611-en
Behavioral task
behavioral16
Sample
Inspectors/QWhale.Editor.dll
Resource
win10-20240404-en
Behavioral task
behavioral17
Sample
Inspectors/QWhale.Syntax.Schemes.dll
Resource
win10-20240404-en
Behavioral task
behavioral18
Sample
Inspectors/QWhale.Syntax.dll
Resource
win10-20240404-en
Behavioral task
behavioral19
Sample
Inspectors/Standard.dll
Resource
win10-20240404-en
Behavioral task
behavioral20
Sample
Inspectors/SyntaxView.dll
Resource
win10-20240404-en
Behavioral task
behavioral21
Sample
Newtonsoft.Json.dll
Resource
win10-20240404-en
Behavioral task
behavioral22
Sample
Plugins/NetworkConnections/Telerik.NetworkConnections.Windows.dll
Resource
win10-20240611-en
Behavioral task
behavioral23
Sample
RunNsisUninstallers.bat
Resource
win10-20240404-en
Behavioral task
behavioral24
Sample
ScriptEditor/Analytics.dll
Resource
win10-20240404-en
Behavioral task
behavioral25
Sample
ScriptEditor/GA.Analytics.Monitor.dll
Resource
win10-20240404-en
Behavioral task
behavioral26
Sample
ScriptEditor/QWhale.Common.dll
Resource
win10-20240404-en
Behavioral task
behavioral27
Sample
ScriptEditor/QWhale.Editor.dll
Resource
win10-20240404-en
Behavioral task
behavioral28
Sample
ScriptEditor/QWhale.Syntax.Parsers.dll
Resource
win10-20240404-en
Behavioral task
behavioral29
Sample
ScriptEditor/QWhale.Syntax.dll
Resource
win10-20240611-en
Behavioral task
behavioral30
Sample
Scripts/FiddlerOrchestra.Addon.dll
Resource
win10-20240404-en
Behavioral task
behavioral31
Sample
Scripts/FiddlerOrchestra.Connection.dll
Resource
win10-20240404-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
FiddlerSetup.exe
-
Size
6.5MB
-
MD5
7fd1119b5f29e4094228dabf57e65a9d
-
SHA1
1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
-
SHA256
5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
-
SHA512
20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787
-
SSDEEP
196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Modifies Windows Firewall
-
-
-
Target
$PLUGINSDIR/FiddlerSetup.exe
-
Size
3.2MB
-
MD5
092879b4ec0b7a59be6273035da99e27
-
SHA1
282f2602469017d4d8401e84e248a6c138b7de97
-
SHA256
87d5fd5bfadffa31f6b72923be4d4a46335b3e32a4f6e306f90d04d4aed49c50
-
SHA512
dde4050f6a26dc0feecb7a7f2563f33db5615c15c0dd1f3e6bf8ff8aa3a4ced68a53ae66c179f56dda5a50185b5053460e63c5a0489b141d11372aacfcea4cf9
-
SSDEEP
98304:+9xo4q2xd3gk8wDC4ObcEUkNhvk8ZZAQr:+962sDwuahkk8ZaQr
-
Score
3/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
b8992e497d57001ddf100f9c397fcef5
-
SHA1
e26ddf101a2ec5027975d2909306457c6f61cfbd
-
SHA256
98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
-
SHA512
8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
-
SSDEEP
192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
-
Score
3/10
-
-
Target
Analytics.dll
-
Size
32KB
-
MD5
1c2bd080b0e972a3ee1579895ea17b42
-
SHA1
a09454bc976b4af549a6347618f846d4c93b769b
-
SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
-
SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
-
SSDEEP
384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
-
Score
1/10
-
-
Target
Be.Windows.Forms.HexBox.dll
-
Size
60KB
-
MD5
e6f7b8c5ec4d1543eaa7f5d148c6327c
-
SHA1
61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
-
SHA256
bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
-
SHA512
6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
-
SSDEEP
1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
-
Score
1/10
-
-
Target
DotNetZip.dll
-
Size
449KB
-
MD5
11bbdf80d756b3a877af483195c60619
-
SHA1
99aca4f325d559487abc51b0d2ebd4dca62c9462
-
SHA256
698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1
-
SHA512
ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29
-
SSDEEP
6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff
-
Score
1/10
-
-
Target
EnableLoopback.exe
-
Size
95KB
-
MD5
5d16400084f534535c922180c562bd70
-
SHA1
20444c63a2e6ff17a1970f8af0744c0ccfdbb659
-
SHA256
0ccf6f4b2f6e89ddb50b3075fd6b604ef7c0d6b13ce377781d898dcd8f9c91d7
-
SHA512
b9dc50aac871ff81c54e000adb1de11c17aeea75fbc80afa5f025d1efe6c79acbfd05b5de6066f084ed0e26d4287c354984195e7aa134545846d371f84063bd0
-
SSDEEP
768:izEI16zcI2eTcvEWm/ljPjOPAxr25znrSh7A8g3CqnZZ6qmmlGThRR2fTnR2fTT0:y1H5MiP1zrSh7JwZQxmlGKyn6hb
-
Score
5/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
ExecAction.exe
-
Size
19KB
-
MD5
519310853c0ee273a3f8787d7518dd2e
-
SHA1
22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
-
SHA256
a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
-
SHA512
30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
-
SSDEEP
192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
-
Score
1/10
-
-
Target
FSE2.exe
-
Size
50KB
-
MD5
44f37783cd2889a9eb8232c263339e68
-
SHA1
cd186e0bc8ecb3e063e68d5923bd5e7b165e3532
-
SHA256
d43b4fa2b5b61429905f707959657430fc67a2a23351757b09af15c680e6efbf
-
SHA512
65880a8ee81a67e866babc71988f6af31084e690b6e172cfb14c51315accef92a26a73cedac9846ba4348a01b328400d942131b5704a8f91f7c804ae1100d2fd
-
SSDEEP
768:VhiPG/q1nVY2kh5yGJMwvH8Ufrg04g0rTpEikGWwd:HzonVXkhVJMwvH5frgsOd
-
Score
9/10
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
-
-
Target
Fiddler.exe
-
Size
1.5MB
-
MD5
a5b8c0f51898e9d55e4b3aa7904adf32
-
SHA1
5eaff276409670f3e8ce4cbb17086f1362d18868
-
SHA256
5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3
-
SHA512
6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427
-
SSDEEP
12288:nkcQS3I8s758yMQhaTqylrpxVKXgDPL5daRtriRStgz+/iUFu0o3AklQvleUl053:rOrc7WeJ3WZwo343m+pmjtSDN
-
Checks for common network interception software
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
ForceCPU.exe
-
Size
19KB
-
MD5
b982a103b0d4e0db856026a163124bf3
-
SHA1
40772be00068bbd394ff0fccd551151a822f3e70
-
SHA256
2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
-
SHA512
214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
-
SSDEEP
192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
-
Score
1/10
-
-
Target
GA.Analytics.Monitor.dll
-
Size
52KB
-
MD5
6f9e5c4b5662c7f8d1159edcba6e7429
-
SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6
-
SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
-
SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
-
SSDEEP
768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
-
Score
1/10
-
-
Target
ImportExport/BasicFormats.dll
-
Size
124KB
-
MD5
034faf419a2e1878f383edbcc7fb1616
-
SHA1
7814adc2245d920c826e92d249a3ef835df9160c
-
SHA256
a208720a293a0ade9bc0783cdbc351ce5c7746395c2f2fb1ee8f538de054d06d
-
SHA512
5f32f46701ad3c5f2336ab2a8d3043ed616b44967ce7704885dba64d09fc1376fd1fd45d7cf038755669748ba8d16dd08cbb28cbcb187a8acb1e4ac24f3bbba7
-
SSDEEP
3072:U7oO+xPm/sjzY4WctGYPhfhGr1rERA1TenDV++HOb2f89rv:pxVtTJfz2QQ9rv
-
Score
1/10
-
-
Target
ImportExport/VSWebTestExport.dll
-
Size
57KB
-
MD5
465e56c7b9aaa00dd5ef62279317b0f2
-
SHA1
a5ee6ccafb59ef4e7f34c785c3ddf3c39d10e82d
-
SHA256
7dc516841f65a2004b127c55c320be350e13d83e2180fcf78700faaa2deeb068
-
SHA512
df579ecb8dc6ff4d09ad943531fa3dcca5ce507da54d04c97fd75f470dc8033a5e79b9e50d7de9c6c6598d3c36f11e5f98262e6242b40c337f60d6ac65dba581
-
SSDEEP
768:k12VLhSX96KTIvdF9TyT7Enn/IRXILJtGiU83aTU5lhRR2fTLcR2fTOXeN266bl:NtU5CdB/LtrU83asota86bl
-
Score
1/10
-
-
Target
Inspectors/QWhale.Common.dll
-
Size
192KB
-
MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a
-
SHA1
593077c0d921df0819d48b627d4a140967a6b9e0
-
SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
-
SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
SSDEEP
1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
-
Score
1/10
-
-
Target
Inspectors/QWhale.Editor.dll
-
Size
816KB
-
MD5
eaa268802c633f27fcfc90fd0f986e10
-
SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
-
SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
-
SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
SSDEEP
12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
-
Score
1/10
-
-
Target
Inspectors/QWhale.Syntax.Schemes.dll
-
Size
284KB
-
MD5
681abb88692a8d2662c527eab350744b
-
SHA1
58bf5fdfa668c2add65a6b7edbb43eab47648821
-
SHA256
9ad5749ba1914101cd4cf2736d0e74bbb8c7abbe93fd5e83377d5cbf33ddb78d
-
SHA512
5f2a370b4bd64e03469ddaa90b7ebd75e588033dbe48ae1b111fa537e56aa13b5bd7e067126d3cc543faf45cd0595ea2355d8fa412197b61f18754e4f9876823
-
SSDEEP
1536:/YiCDgqGqtbeBLmTnNLUSgk9NPOEbg0hIc2Vrl2XuPtlPpXB1sJOm8M93f2AkkgW:abMmTnNLUSgk9NPOEL2Wg1TOV
-
Score
1/10
-
-
Target
Inspectors/QWhale.Syntax.dll
-
Size
228KB
-
MD5
3be64186e6e8ad19dc3559ee3c307070
-
SHA1
2f9e70e04189f6c736a3b9d0642f46208c60380a
-
SHA256
79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c
-
SHA512
7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78
-
SSDEEP
3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V
-
Score
1/10
-
-
Target
Inspectors/Standard.dll
-
Size
259KB
-
MD5
d1b161426b18ecbd0116674698ab8b71
-
SHA1
ade77acf4ac19ec9856196facc03fd186c292dca
-
SHA256
5f2e4703fe3c5e02b08929e33799a25140255d1e1331f3b221982be61d25b1cc
-
SHA512
a3fb79d95a70c10faa4ce1a4f90990fb37ce89ebf4172f254735fa984d7fa3abbbad9c2a8404ae3d54ccde227b8c32d8465c0112f488b3c1ecfd9f268c28afab
-
SSDEEP
6144:6/O1/wsU5J1/2nT4Yx2Ngzs2LLf7su11NcFYD:6if/8Cr1bv
-
Score
1/10
-
-
Target
Inspectors/SyntaxView.dll
-
Size
81KB
-
MD5
1ad12fecdc040667ca8dadc56c91071e
-
SHA1
ad2c289752bf2f9ca90a6364b199a51e24a67290
-
SHA256
1783ad978758fbf36f2d63394ca1e9f3cf2e65492346971dec600848899affec
-
SHA512
ca183434278ddbd5b3c601f966f4483ed969e6fd7c05ec21ab7a6cb50cfae7928ce92c731d3b7e15a0aaf41d615da4d142a0c9def904a5f77405de5ed10ce6eb
-
SSDEEP
1536:juWPJNi7uBhwhAKS61zfetV7LwS0Oh64R:jbPbi7ucaKS61zfwP0OhP
-
Score
1/10
-
-
Target
Newtonsoft.Json.dll
-
Size
647KB
-
MD5
5afda7c7d4f7085e744c2e7599279db3
-
SHA1
3a833eb7c6be203f16799d7b7ccd8b8c9d439261
-
SHA256
f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4
-
SHA512
7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944
-
SSDEEP
6144:3o4V9ynqKoxhi0gAsfLBhJJzhGIVrdhoHuLFGAJmKApt5psaLGBFahKGRd67XLEm:LyncxQRhJJzhoqgH5sB4dxHG
-
Score
1/10
-
-
Target
Plugins/NetworkConnections/Telerik.NetworkConnections.Windows.dll
-
Size
33KB
-
MD5
5889357424d717c8629c8bfabcd0be50
-
SHA1
87e7047a40e24bd5ac23f89e072ee39a14a53023
-
SHA256
3564b25b24569b8d8a0128f2f4bddec89c0b8986da7542d9c64aac730360a600
-
SHA512
1af458742cefd4730d64b19ecc05460354f0e47a79cdcd7794877aa0f6c56cfb92f37a0daf66fedaec2a579eb0187d774b7d5ba1fff65d6ab1504df4c3668fad
-
SSDEEP
768:2LpjNBBUyOzcB7RZbkTg+jO4HmBWKNTjNTlfKaE:2LB9VRpOg+jmBPFjF0aE
-
Score
1/10
-
-
Target
RunNsisUninstallers.bat
-
Size
334B
-
MD5
adedc0065e7ede15a0d8dab1c985ddee
-
SHA1
53803b6179deaded7c57606cea410de34bfcb301
-
SHA256
80d570928745176a574d82e45adb33dcab7fa68f80da07038c3da415c355463b
-
SHA512
b303123360d4c6ce787814376526ae5af035a0105fe2114d50fc9b8f6e5de8bac0db3de6a0756f6a53294bf6ec379c2ff034058eb84b2a1e510164bf816599a8
-
Score
1/10
-
-
Target
ScriptEditor/Analytics.dll
-
Size
32KB
-
MD5
1c2bd080b0e972a3ee1579895ea17b42
-
SHA1
a09454bc976b4af549a6347618f846d4c93b769b
-
SHA256
166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
-
SHA512
946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
-
SSDEEP
384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
-
Score
1/10
-
-
Target
ScriptEditor/GA.Analytics.Monitor.dll
-
Size
52KB
-
MD5
6f9e5c4b5662c7f8d1159edcba6e7429
-
SHA1
c7630476a50a953dab490931b99d2a5eca96f9f6
-
SHA256
e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
-
SHA512
78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
-
SSDEEP
768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
-
Score
1/10
-
-
Target
ScriptEditor/QWhale.Common.dll
-
Size
192KB
-
MD5
ac80e3ca5ec3ed77ef7f1a5648fd605a
-
SHA1
593077c0d921df0819d48b627d4a140967a6b9e0
-
SHA256
93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
-
SHA512
3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
-
SSDEEP
1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
-
Score
1/10
-
-
Target
ScriptEditor/QWhale.Editor.dll
-
Size
816KB
-
MD5
eaa268802c633f27fcfc90fd0f986e10
-
SHA1
21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
-
SHA256
fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
-
SHA512
c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
-
SSDEEP
12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
-
Score
1/10
-
-
Target
ScriptEditor/QWhale.Syntax.Parsers.dll
-
Size
1.1MB
-
MD5
9fe6e9cfedb661c61a2c70fa75008ec3
-
SHA1
0f6a0f4e7fc5552088d3f2dd0c0adf6f6c45b686
-
SHA256
acff23204982780d844f5b0cbfe0bf1849c1dfe782cb4084ba2bdc9bf53f026c
-
SHA512
a8864ee43628f667d6e0acf071fbba414ff768fe9dd302e6f9498432b3ce48a22deecfe438099a3caa684ad8e9588fae111de752c37c158eebd76e48ab67e02d
-
SSDEEP
6144:DDsAkHPWoMvThdMlLQtRZfScxaHrlXnp55VAWvRY02OCo6+shEd2qxrGa:DDs7uounM5WSNAG2otTh
-
Score
1/10
-
-
Target
ScriptEditor/QWhale.Syntax.dll
-
Size
228KB
-
MD5
3be64186e6e8ad19dc3559ee3c307070
-
SHA1
2f9e70e04189f6c736a3b9d0642f46208c60380a
-
SHA256
79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c
-
SHA512
7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78
-
SSDEEP
3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V
-
Score
1/10
-
-
Target
Scripts/FiddlerOrchestra.Addon.dll
-
Size
51KB
-
MD5
3cded1ca2097f4f6ce8ded0add3b3f22
-
SHA1
399f8596b2a282fba64accef4af4a89d914640dc
-
SHA256
4e0e01a7a2fad783dffb80ca199ee0407725a73d6d4222a5e9d528b9578e1288
-
SHA512
74eb04e25f6b7d0082d09c6ba0848cb1dcccc98515ecfea8a0427b9fb71652ce920cf1f058d0cf1a108608d54376b27bd08044b78bd7a6b066071a1645d5e598
-
SSDEEP
1536:HA36xjEI08WCNVTPHjdvwrQhddF/dFuffaJ:HA362I5WCNteUrdF/dFuffaJ
-
Score
1/10
-
-
Target
Scripts/FiddlerOrchestra.Connection.dll
-
Size
1.7MB
-
MD5
a5d3aea3abaf461b4ad2443573cc5509
-
SHA1
1431a3f5ff9c5182fa22c4445686b2dbb8026272
-
SHA256
f63f4e524e6c3868e1fe2e660b245da25b7159b60fc9092a4f32f90d5633c775
-
SHA512
1662fce42fd8573ac5083dd98fd33002f3cc2bce895a9d51c76e4830196968ed6171d30cc5e293b1a75a2a138244ca07347a0f43ad3504f14a1b9af500844363
-
SSDEEP
49152:1fSFIBE1MOwmkAmcECIvCH83xlQbkkoKsit:mIK1MOwmCit
-
Score
1/10
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
b8992e497d57001ddf100f9c397fcef5
-
SHA1
e26ddf101a2ec5027975d2909306457c6f61cfbd
-
SHA256
98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
-
SHA512
8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
-
SSDEEP
192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
-
Score
3/10
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Defense Evasion
Impair Defenses: 1
Disable or Modify System Firewall: 1
Modify Registry: 2
Subvert Trust Controls: 1
Install Root Certificate: 1