5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8

Sharing

Copy URL

Twitter E-mail

General

Target

FiddlerSetup.exe
Size

6.5MB
Sample

240928-mzd1zsvaqc
MD5

7fd1119b5f29e4094228dabf57e65a9d
SHA1

1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
SHA256

5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
SHA512

20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787
SSDEEP

196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s

Score

9^/10

Malware Config

Targets

- Target
  
  FiddlerSetup.exe
- Size
  
  6.5MB
- MD5
  
  7fd1119b5f29e4094228dabf57e65a9d
- SHA1
  
  1a4e248bfe07f8c65ce68b4f29013442be6ef7c7
- SHA256
  
  5c92f0738c290eac319d4ac3006b5725f1d2163fbfe68dbb2047e07920f4d5e8
- SHA512
  
  20d22e16f5c285bd6ffdf3620762c340ffb97cc51c5080717b87442f29a14271644351b082392d9fb2fd1ce40a1fe56a4e6592a290d67f5c587e8e9eb2f33787
- SSDEEP
  
  196608:Q962sDwuahkk8ZaQd9NCMbw4fO0ADH6Op:Q5uAkk8ZBCuXfjADH6s
Score

4^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FiddlerSetup.exe
- Size
  
  3.2MB
- MD5
  
  092879b4ec0b7a59be6273035da99e27
- SHA1
  
  282f2602469017d4d8401e84e248a6c138b7de97
- SHA256
  
  87d5fd5bfadffa31f6b72923be4d4a46335b3e32a4f6e306f90d04d4aed49c50
- SHA512
  
  dde4050f6a26dc0feecb7a7f2563f33db5615c15c0dd1f3e6bf8ff8aa3a4ced68a53ae66c179f56dda5a50185b5053460e63c5a0489b141d11372aacfcea4cf9
- SSDEEP
  
  98304:+9xo4q2xd3gk8wDC4ObcEUkNhvk8ZZAQr:+962sDwuahkk8ZaQr
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  b8992e497d57001ddf100f9c397fcef5
- SHA1
  
  e26ddf101a2ec5027975d2909306457c6f61cfbd
- SHA256
  
  98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
- SHA512
  
  8823b1904dccfaf031068102cb1def7958a057f49ff369f0e061f1b4db2090021aa620bb8442a2a6ac9355bb74ee54371dc2599c20dc723755a46ede81533a3c
- SSDEEP
  
  192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Analytics.dll
- Size
  
  32KB
- MD5
  
  1c2bd080b0e972a3ee1579895ea17b42
- SHA1
  
  a09454bc976b4af549a6347618f846d4c93b769b
- SHA256
  
  166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
- SHA512
  
  946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
- SSDEEP
  
  384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score

1^/10
behavioral7 behavioral8
- Target
  
  Be.Windows.Forms.HexBox.dll
- Size
  
  60KB
- MD5
  
  e6f7b8c5ec4d1543eaa7f5d148c6327c
- SHA1
  
  61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
- SHA256
  
  bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
- SHA512
  
  6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
- SSDEEP
  
  1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
Score

1^/10
behavioral10 behavioral9
- Target
  
  DotNetZip.dll
- Size
  
  449KB
- MD5
  
  11bbdf80d756b3a877af483195c60619
- SHA1
  
  99aca4f325d559487abc51b0d2ebd4dca62c9462
- SHA256
  
  698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1
- SHA512
  
  ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29
- SSDEEP
  
  6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff
Score

1^/10
behavioral11 behavioral12
- Target
  
  EnableLoopback.exe
- Size
  
  95KB
- MD5
  
  5d16400084f534535c922180c562bd70
- SHA1
  
  20444c63a2e6ff17a1970f8af0744c0ccfdbb659
- SHA256
  
  0ccf6f4b2f6e89ddb50b3075fd6b604ef7c0d6b13ce377781d898dcd8f9c91d7
- SHA512
  
  b9dc50aac871ff81c54e000adb1de11c17aeea75fbc80afa5f025d1efe6c79acbfd05b5de6066f084ed0e26d4287c354984195e7aa134545846d371f84063bd0
- SSDEEP
  
  768:izEI16zcI2eTcvEWm/ljPjOPAxr25znrSh7A8g3CqnZZ6qmmlGThRR2fTnR2fTT0:y1H5MiP1zrSh7JwZQxmlGKyn6hb
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  ExecAction.exe
- Size
  
  19KB
- MD5
  
  519310853c0ee273a3f8787d7518dd2e
- SHA1
  
  22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
- SHA256
  
  a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
- SHA512
  
  30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
- SSDEEP
  
  192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
Score

1^/10
behavioral15 behavioral16
- Target
  
  FSE2.exe
- Size
  
  50KB
- MD5
  
  44f37783cd2889a9eb8232c263339e68
- SHA1
  
  cd186e0bc8ecb3e063e68d5923bd5e7b165e3532
- SHA256
  
  d43b4fa2b5b61429905f707959657430fc67a2a23351757b09af15c680e6efbf
- SHA512
  
  65880a8ee81a67e866babc71988f6af31084e690b6e172cfb14c51315accef92a26a73cedac9846ba4348a01b328400d942131b5704a8f91f7c804ae1100d2fd
- SSDEEP
  
  768:VhiPG/q1nVY2kh5yGJMwvH8Ufrg04g0rTpEikGWwd:HzonVXkhVJMwvH5frgsOd
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Fiddler.exe
- Size
  
  1.5MB
- MD5
  
  a5b8c0f51898e9d55e4b3aa7904adf32
- SHA1
  
  5eaff276409670f3e8ce4cbb17086f1362d18868
- SHA256
  
  5e3006a575d4acce2e5e3cec684d7e9a1fbc3efbb73f06f5c4604faebf014ad3
- SHA512
  
  6abf01f09c8c6e430118de27322f4d67bf25018633544556630c47bfa9adc2c1fd186c94119a0b9be6c2d8dead9bbb46a8b1185fe02da2085601b0e9613ad427
- SSDEEP
  
  12288:nkcQS3I8s758yMQhaTqylrpxVKXgDPL5daRtriRStgz+/iUFu0o3AklQvleUl053:rOrc7WeJ3WZwo343m+pmjtSDN
Score

9^/10

discovery evasion persistence privilege_escalation
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral19 behavioral20
- Target
  
  ForceCPU.exe
- Size
  
  19KB
- MD5
  
  b982a103b0d4e0db856026a163124bf3
- SHA1
  
  40772be00068bbd394ff0fccd551151a822f3e70
- SHA256
  
  2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
- SHA512
  
  214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
- SSDEEP
  
  192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score

1^/10
behavioral21 behavioral22
- Target
  
  GA.Analytics.Monitor.dll
- Size
  
  52KB
- MD5
  
  6f9e5c4b5662c7f8d1159edcba6e7429
- SHA1
  
  c7630476a50a953dab490931b99d2a5eca96f9f6
- SHA256
  
  e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
- SHA512
  
  78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
- SSDEEP
  
  768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score

1^/10
behavioral23 behavioral24
- Target
  
  ImportExport/BasicFormats.dll
- Size
  
  124KB
- MD5
  
  034faf419a2e1878f383edbcc7fb1616
- SHA1
  
  7814adc2245d920c826e92d249a3ef835df9160c
- SHA256
  
  a208720a293a0ade9bc0783cdbc351ce5c7746395c2f2fb1ee8f538de054d06d
- SHA512
  
  5f32f46701ad3c5f2336ab2a8d3043ed616b44967ce7704885dba64d09fc1376fd1fd45d7cf038755669748ba8d16dd08cbb28cbcb187a8acb1e4ac24f3bbba7
- SSDEEP
  
  3072:U7oO+xPm/sjzY4WctGYPhfhGr1rERA1TenDV++HOb2f89rv:pxVtTJfz2QQ9rv
Score

1^/10
behavioral25 behavioral26
- Target
  
  ImportExport/VSWebTestExport.dll
- Size
  
  57KB
- MD5
  
  465e56c7b9aaa00dd5ef62279317b0f2
- SHA1
  
  a5ee6ccafb59ef4e7f34c785c3ddf3c39d10e82d
- SHA256
  
  7dc516841f65a2004b127c55c320be350e13d83e2180fcf78700faaa2deeb068
- SHA512
  
  df579ecb8dc6ff4d09ad943531fa3dcca5ce507da54d04c97fd75f470dc8033a5e79b9e50d7de9c6c6598d3c36f11e5f98262e6242b40c337f60d6ac65dba581
- SSDEEP
  
  768:k12VLhSX96KTIvdF9TyT7Enn/IRXILJtGiU83aTU5lhRR2fTLcR2fTOXeN266bl:NtU5CdB/LtrU83asota86bl
Score

1^/10
behavioral27 behavioral28
- Target
  
  Inspectors/QWhale.Common.dll
- Size
  
  192KB
- MD5
  
  ac80e3ca5ec3ed77ef7f1a5648fd605a
- SHA1
  
  593077c0d921df0819d48b627d4a140967a6b9e0
- SHA256
  
  93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
- SHA512
  
  3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
- SSDEEP
  
  1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score

1^/10
behavioral29 behavioral30
- Target
  
  Inspectors/QWhale.Editor.dll
- Size
  
  816KB
- MD5
  
  eaa268802c633f27fcfc90fd0f986e10
- SHA1
  
  21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
- SHA256
  
  fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
- SHA512
  
  c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
- SSDEEP
  
  12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score

1^/10
behavioral31 behavioral32