General

  • Target

    FiddlerSetup.exe

  • Size

    6.5MB

  • Sample

    240724-c97e6stfrp

  • MD5

    7fd1119b5f29e4094228dabf57e65a9d

  • SHA1

    1a4e248bfe07f8c65ce68b4f29013442be6ef7c7

  • SHA256

    5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8

  • SHA512

    20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787

  • SSDEEP

    196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s

Targets

    • Target

      FiddlerSetup.exe

    • Size

      6.5MB

    • MD5

      7fd1119b5f29e4094228dabf57e65a9d

    • SHA1

      1a4e248bfe07f8c65ce68b4f29013442be6ef7c7

    • SHA256

      5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8

    • SHA512

      20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787

    • SSDEEP

      196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Modifies Windows Firewall

    • Target

      $PLUGINSDIR/FiddlerSetup.exe

    • Size

      3.2MB

    • MD5

      092879b4ec0b7a59be6273035da99e27

    • SHA1

      282f2602469017d4d8401e84e248a6c138b7de97

    • SHA256

      87d5fd5bfadffa31f6b72923be4d4a46335b3e32a4f6e306f90d04d4aed49c50

    • SHA512

      dde4050f6a26dc0feecb7a7f2563f33db5615c15c0dd1f3e6bf8ff8aa3a4ced68a53ae66c179f56dda5a50185b5053460e63c5a0489b141d11372aacfcea4cf9

    • SSDEEP

      98304:+9xo4q2xd3gk8wDC4ObcEUkNhvk8ZZAQr:+962sDwuahkk8ZaQr

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b8992e497d57001ddf100f9c397fcef5

    • SHA1

      e26ddf101a2ec5027975d2909306457c6f61cfbd

    • SHA256

      98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b

    • SHA512

      8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c

    • SSDEEP

      192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn

    Score
    3/10
    • Target

      Analytics.dll

    • Size

      32KB

    • MD5

      1c2bd080b0e972a3ee1579895ea17b42

    • SHA1

      a09454bc976b4af549a6347618f846d4c93b769b

    • SHA256

      166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

    • SHA512

      946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

    • SSDEEP

      384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7

    Score
    1/10
    • Target

      Be.Windows.Forms.HexBox.dll

    • Size

      60KB

    • MD5

      e6f7b8c5ec4d1543eaa7f5d148c6327c

    • SHA1

      61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec

    • SHA256

      bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e

    • SHA512

      6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4

    • SSDEEP

      1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve

    Score
    1/10
    • Target

      DotNetZip.dll

    • Size

      449KB

    • MD5

      11bbdf80d756b3a877af483195c60619

    • SHA1

      99aca4f325d559487abc51b0d2ebd4dca62c9462

    • SHA256

      698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1

    • SHA512

      ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29

    • SSDEEP

      6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff

    Score
    1/10
    • Target

      EnableLoopback.exe

    • Size

      95KB

    • MD5

      5d16400084f534535c922180c562bd70

    • SHA1

      20444c63a2e6ff17a1970f8af0744c0ccfdbb659

    • SHA256

      0ccf6f4b2f6e89ddb50b3075fd6b604ef7c0d6b13ce377781d898dcd8f9c91d7

    • SHA512

      b9dc50aac871ff81c54e000adb1de11c17aeea75fbc80afa5f025d1efe6c79acbfd05b5de6066f084ed0e26d4287c354984195e7aa134545846d371f84063bd0

    • SSDEEP

      768:izEI16zcI2eTcvEWm/ljPjOPAxr25znrSh7A8g3CqnZZ6qmmlGThRR2fTnR2fTT0:y1H5MiP1zrSh7JwZQxmlGKyn6hb

    Score
    5/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ExecAction.exe

    • Size

      19KB

    • MD5

      519310853c0ee273a3f8787d7518dd2e

    • SHA1

      22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8

    • SHA256

      a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272

    • SHA512

      30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d

    • SSDEEP

      192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY

    Score
    1/10
    • Target

      FSE2.exe

    • Size

      50KB

    • MD5

      44f37783cd2889a9eb8232c263339e68

    • SHA1

      cd186e0bc8ecb3e063e68d5923bd5e7b165e3532

    • SHA256

      d43b4fa2b5b61429905f707959657430fc67a2a23351757b09af15c680e6efbf

    • SHA512

      65880a8ee81a67e866babc71988f6af31084e690b6e172cfb14c51315accef92a26a73cedac9846ba4348a01b328400d942131b5704a8f91f7c804ae1100d2fd

    • SSDEEP

      768:VhiPG/q1nVY2kh5yGJMwvH8Ufrg04g0rTpEikGWwd:HzonVXkhVJMwvH5frgsOd

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Target

      Fiddler.exe

    • Size

      1.5MB

    • MD5

      a5b8c0f51898e9d55e4b3aa7904adf32

    • SHA1

      5eaff276409670f3e8ce4cbb17086f1362d18868

    • SHA256

      5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3

    • SHA512

      6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427

    • SSDEEP

      12288:nkcQS3I8s758yMQhaTqylrpxVKXgDPL5daRtriRStgz+/iUFu0o3AklQvleUl053:rOrc7WeJ3WZwo343m+pmjtSDN

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ForceCPU.exe

    • Size

      19KB

    • MD5

      b982a103b0d4e0db856026a163124bf3

    • SHA1

      40772be00068bbd394ff0fccd551151a822f3e70

    • SHA256

      2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d

    • SHA512

      214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327

    • SSDEEP

      192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv

    Score
    1/10
    • Target

      GA.Analytics.Monitor.dll

    • Size

      52KB

    • MD5

      6f9e5c4b5662c7f8d1159edcba6e7429

    • SHA1

      c7630476a50a953dab490931b99d2a5eca96f9f6

    • SHA256

      e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

    • SHA512

      78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

    • SSDEEP

      768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi

    Score
    1/10
    • Target

      ImportExport/BasicFormats.dll

    • Size

      124KB

    • MD5

      034faf419a2e1878f383edbcc7fb1616

    • SHA1

      7814adc2245d920c826e92d249a3ef835df9160c

    • SHA256

      a208720a293a0ade9bc0783cdbc351ce5c7746395c2f2fb1ee8f538de054d06d

    • SHA512

      5f32f46701ad3c5f2336ab2a8d3043ed616b44967ce7704885dba64d09fc1376fd1fd45d7cf038755669748ba8d16dd08cbb28cbcb187a8acb1e4ac24f3bbba7

    • SSDEEP

      3072:U7oO+xPm/sjzY4WctGYPhfhGr1rERA1TenDV++HOb2f89rv:pxVtTJfz2QQ9rv

    Score
    1/10
    • Target

      ImportExport/VSWebTestExport.dll

    • Size

      57KB

    • MD5

      465e56c7b9aaa00dd5ef62279317b0f2

    • SHA1

      a5ee6ccafb59ef4e7f34c785c3ddf3c39d10e82d

    • SHA256

      7dc516841f65a2004b127c55c320be350e13d83e2180fcf78700faaa2deeb068

    • SHA512

      df579ecb8dc6ff4d09ad943531fa3dcca5ce507da54d04c97fd75f470dc8033a5e79b9e50d7de9c6c6598d3c36f11e5f98262e6242b40c337f60d6ac65dba581

    • SSDEEP

      768:k12VLhSX96KTIvdF9TyT7Enn/IRXILJtGiU83aTU5lhRR2fTLcR2fTOXeN266bl:NtU5CdB/LtrU83asota86bl

    Score
    1/10
    • Target

      Inspectors/QWhale.Common.dll

    • Size

      192KB

    • MD5

      ac80e3ca5ec3ed77ef7f1a5648fd605a

    • SHA1

      593077c0d921df0819d48b627d4a140967a6b9e0

    • SHA256

      93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

    • SHA512

      3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

    • SSDEEP

      1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc

    Score
    1/10
    • Target

      Inspectors/QWhale.Editor.dll

    • Size

      816KB

    • MD5

      eaa268802c633f27fcfc90fd0f986e10

    • SHA1

      21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

    • SHA256

      fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

    • SHA512

      c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

    • SSDEEP

      12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB

    Score
    1/10
    • Target

      Inspectors/QWhale.Syntax.Schemes.dll

    • Size

      284KB

    • MD5

      681abb88692a8d2662c527eab350744b

    • SHA1

      58bf5fdfa668c2add65a6b7edbb43eab47648821

    • SHA256

      9ad5749ba1914101cd4cf2736d0e74bbb8c7abbe93fd5e83377d5cbf33ddb78d

    • SHA512

      5f2a370b4bd64e03469ddaa90b7ebd75e588033dbe48ae1b111fa537e56aa13b5bd7e067126d3cc543faf45cd0595ea2355d8fa412197b61f18754e4f9876823

    • SSDEEP

      1536:/YiCDgqGqtbeBLmTnNLUSgk9NPOEbg0hIc2Vrl2XuPtlPpXB1sJOm8M93f2AkkgW:abMmTnNLUSgk9NPOEL2Wg1TOV

    Score
    1/10
    • Target

      Inspectors/QWhale.Syntax.dll

    • Size

      228KB

    • MD5

      3be64186e6e8ad19dc3559ee3c307070

    • SHA1

      2f9e70e04189f6c736a3b9d0642f46208c60380a

    • SHA256

      79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

    • SHA512

      7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

    • SSDEEP

      3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V

    Score
    1/10
    • Target

      Inspectors/Standard.dll

    • Size

      259KB

    • MD5

      d1b161426b18ecbd0116674698ab8b71

    • SHA1

      ade77acf4ac19ec9856196facc03fd186c292dca

    • SHA256

      5f2e4703fe3c5e02b08929e33799a25140255d1e1331f3b221982be61d25b1cc

    • SHA512

      a3fb79d95a70c10faa4ce1a4f90990fb37ce89ebf4172f254735fa984d7fa3abbbad9c2a8404ae3d54ccde227b8c32d8465c0112f488b3c1ecfd9f268c28afab

    • SSDEEP

      6144:6/O1/wsU5J1/2nT4Yx2Ngzs2LLf7su11NcFYD:6if/8Cr1bv

    Score
    1/10
    • Target

      Inspectors/SyntaxView.dll

    • Size

      81KB

    • MD5

      1ad12fecdc040667ca8dadc56c91071e

    • SHA1

      ad2c289752bf2f9ca90a6364b199a51e24a67290

    • SHA256

      1783ad978758fbf36f2d63394ca1e9f3cf2e65492346971dec600848899affec

    • SHA512

      ca183434278ddbd5b3c601f966f4483ed969e6fd7c05ec21ab7a6cb50cfae7928ce92c731d3b7e15a0aaf41d615da4d142a0c9def904a5f77405de5ed10ce6eb

    • SSDEEP

      1536:juWPJNi7uBhwhAKS61zfetV7LwS0Oh64R:jbPbi7ucaKS61zfwP0OhP

    Score
    1/10
    • Target

      Newtonsoft.Json.dll

    • Size

      647KB

    • MD5

      5afda7c7d4f7085e744c2e7599279db3

    • SHA1

      3a833eb7c6be203f16799d7b7ccd8b8c9d439261

    • SHA256

      f58c374ffcaae4e36d740d90fbf7fe70d0abb7328cd9af3a0a7b70803e994ba4

    • SHA512

      7cbbbef742f56af80f1012d7da86fe5375ac05813045756fb45d0691c36ef13c069361457500ba4200157d5ee7922fd118bf4c0635e5192e3f8c6183fd580944

    • SSDEEP

      6144:3o4V9ynqKoxhi0gAsfLBhJJzhGIVrdhoHuLFGAJmKApt5psaLGBFahKGRd67XLEm:LyncxQRhJJzhoqgH5sB4dxHG

    Score
    1/10
    • Target

      Plugins/NetworkConnections/Telerik.NetworkConnections.Windows.dll

    • Size

      33KB

    • MD5

      5889357424d717c8629c8bfabcd0be50

    • SHA1

      87e7047a40e24bd5ac23f89e072ee39a14a53023

    • SHA256

      3564b25b24569b8d8a0128f2f4bddec89c0b8986da7542d9c64aac730360a600

    • SHA512

      1af458742cefd4730d64b19ecc05460354f0e47a79cdcd7794877aa0f6c56cfb92f37a0daf66fedaec2a579eb0187d774b7d5ba1fff65d6ab1504df4c3668fad

    • SSDEEP

      768:2LpjNBBUyOzcB7RZbkTg+jO4HmBWKNTjNTlfKaE:2LB9VRpOg+jmBPFjF0aE

    Score
    1/10
    • Target

      RunNsisUninstallers.bat

    • Size

      334B

    • MD5

      adedc0065e7ede15a0d8dab1c985ddee

    • SHA1

      53803b6179deaded7c57606cea410de34bfcb301

    • SHA256

      80d570928745176a574d82e45adb33dcab7fa68f80da07038c3da415c355463b

    • SHA512

      b303123360d4c6ce787814376526ae5af035a0105fe2114d50fc9b8f6e5de8bac0db3de6a0756f6a53294bf6ec379c2ff034058eb84b2a1e510164bf816599a8

    Score
    1/10
    • Target

      ScriptEditor/Analytics.dll

    • Size

      32KB

    • MD5

      1c2bd080b0e972a3ee1579895ea17b42

    • SHA1

      a09454bc976b4af549a6347618f846d4c93b769b

    • SHA256

      166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

    • SHA512

      946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

    • SSDEEP

      384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7

    Score
    1/10
    • Target

      ScriptEditor/GA.Analytics.Monitor.dll

    • Size

      52KB

    • MD5

      6f9e5c4b5662c7f8d1159edcba6e7429

    • SHA1

      c7630476a50a953dab490931b99d2a5eca96f9f6

    • SHA256

      e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

    • SHA512

      78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

    • SSDEEP

      768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Common.dll

    • Size

      192KB

    • MD5

      ac80e3ca5ec3ed77ef7f1a5648fd605a

    • SHA1

      593077c0d921df0819d48b627d4a140967a6b9e0

    • SHA256

      93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

    • SHA512

      3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

    • SSDEEP

      1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Editor.dll

    • Size

      816KB

    • MD5

      eaa268802c633f27fcfc90fd0f986e10

    • SHA1

      21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

    • SHA256

      fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

    • SHA512

      c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

    • SSDEEP

      12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Syntax.Parsers.dll

    • Size

      1.1MB

    • MD5

      9fe6e9cfedb661c61a2c70fa75008ec3

    • SHA1

      0f6a0f4e7fc5552088d3f2dd0c0adf6f6c45b686

    • SHA256

      acff23204982780d844f5b0cbfe0bf1849c1dfe782cb4084ba2bdc9bf53f026c

    • SHA512

      a8864ee43628f667d6e0acf071fbba414ff768fe9dd302e6f9498432b3ce48a22deecfe438099a3caa684ad8e9588fae111de752c37c158eebd76e48ab67e02d

    • SSDEEP

      6144:DDsAkHPWoMvThdMlLQtRZfScxaHrlXnp55VAWvRY02OCo6+shEd2qxrGa:DDs7uounM5WSNAG2otTh

    Score
    1/10
    • Target

      ScriptEditor/QWhale.Syntax.dll

    • Size

      228KB

    • MD5

      3be64186e6e8ad19dc3559ee3c307070

    • SHA1

      2f9e70e04189f6c736a3b9d0642f46208c60380a

    • SHA256

      79a2c829de00e56d75eeb81cd97b04eae96bc41d6a2dbdc0ca4e7e0b454b1b7c

    • SHA512

      7d0e657b3a1c23d13d1a7e7d1b95b4d9280cb08a0aca641feb9a89e6b8f0c8760499d63e240fe9c62022790a4822bf4fe2c9d9b19b12bd7f0451454be471ff78

    • SSDEEP

      3072:Ns/3b/8FpHf3kBFcCsbfqai2/8Fjitdmus95jMRrgk+vWZYz39dHiB796k9gR5+r:NQLa/kBFcCsbfRgzM07XGk+V

    Score
    1/10
    • Target

      Scripts/FiddlerOrchestra.Addon.dll

    • Size

      51KB

    • MD5

      3cded1ca2097f4f6ce8ded0add3b3f22

    • SHA1

      399f8596b2a282fba64accef4af4a89d914640dc

    • SHA256

      4e0e01a7a2fad783dffb80ca199ee0407725a73d6d4222a5e9d528b9578e1288

    • SHA512

      74eb04e25f6b7d0082d09c6ba0848cb1dcccc98515ecfea8a0427b9fb71652ce920cf1f058d0cf1a108608d54376b27bd08044b78bd7a6b066071a1645d5e598

    • SSDEEP

      1536:HA36xjEI08WCNVTPHjdvwrQhddF/dFuffaJ:HA362I5WCNteUrdF/dFuffaJ

    Score
    1/10
    • Target

      Scripts/FiddlerOrchestra.Connection.dll

    • Size

      1.7MB

    • MD5

      a5d3aea3abaf461b4ad2443573cc5509

    • SHA1

      1431a3f5ff9c5182fa22c4445686b2dbb8026272

    • SHA256

      f63f4e524e6c3868e1fe2e660b245da25b7159b60fc9092a4f32f90d5633c775

    • SHA512

      1662fce42fd8573ac5083dd98fd33002f3cc2bce895a9d51c76e4830196968ed6171d30cc5e293b1a75a2a138244ca07347a0f43ad3504f14a1b9af500844363

    • SSDEEP

      49152:1fSFIBE1MOwmkAmcECIvCH83xlQbkkoKsit:mIK1MOwmCit

    Score
    1/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      b8992e497d57001ddf100f9c397fcef5

    • SHA1

      e26ddf101a2ec5027975d2909306457c6f61cfbd

    • SHA256

      98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b

    • SHA512

      8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c

    • SSDEEP

      192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn

    Score
    3/10

Tasks

static1

Score
3/10

behavioral1

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral2

discovery
Score
3/10

behavioral3

discovery
Score
3/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
5/10

behavioral8

Score
1/10

behavioral9

credential_access, discovery, stealer
Score
9/10

behavioral10

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

discovery
Score
3/10