4055eeef5173a016cf64e2eef509dcafbcf9cc050a9d6f68f2aad2e70619d0ec | Triage

Sharing

General

Target

Wireshark-win32-1.10.14.exe
Size

21.2MB
Sample

240928-nhyvhatbjr
MD5

b818ecbd661ab30a7b50d8d990e70ac7
SHA1

37f74c6f3e73550904e621ae2f5ad342be5762f6
SHA256

4055eeef5173a016cf64e2eef509dcafbcf9cc050a9d6f68f2aad2e70619d0ec
SHA512

56d8ccf33d571ec648afb1da29a122432c9f8b5e01f0cbf8f801f365e67157c00bee828b7bc0354d411ee6589b9debf50e424d39174609f8ded09d1da16ef42c
SSDEEP

393216:WHIZJK/7ohzcofIpL68mDPY8m/7Wt/1S8DCMPMk6A3PCWFLFUxOu2bTXp4nWkm/C:dGOzcppQzY8m/U/1SQVZ6gnECfKWkm/C

Score

9^/10

discovery evasion execution

Malware Config

Targets

- Target
  
  Wireshark-win32-1.10.14.exe
- Size
  
  21.2MB
- MD5
  
  b818ecbd661ab30a7b50d8d990e70ac7
- SHA1
  
  37f74c6f3e73550904e621ae2f5ad342be5762f6
- SHA256
  
  4055eeef5173a016cf64e2eef509dcafbcf9cc050a9d6f68f2aad2e70619d0ec
- SHA512
  
  56d8ccf33d571ec648afb1da29a122432c9f8b5e01f0cbf8f801f365e67157c00bee828b7bc0354d411ee6589b9debf50e424d39174609f8ded09d1da16ef42c
- SSDEEP
  
  393216:WHIZJK/7ohzcofIpL68mDPY8m/7Wt/1S8DCMPMk6A3PCWFLFUxOu2bTXp4nWkm/C:dGOzcppQzY8m/U/1SQVZ6gnECfKWkm/C
Score

9^/10

discovery evasion
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  c17103ae9072a06da581dec998343fc1
- SHA1
  
  b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
- SHA256
  
  dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
- SHA512
  
  d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
- SSDEEP
  
  192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  WinPcap_4_1_3.exe
- Size
  
  893KB
- MD5
  
  a11a2f0cfe6d0b4c50945989db6360cd
- SHA1
  
  e2516fcd1573e70334c8f50bee5241cdfdf48a00
- SHA256
  
  fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de
- SHA512
  
  2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70
- SSDEEP
  
  24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL
Score

7^/10

discovery
- Loads dropped DLL
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  325b008aec81e5aaa57096f05d4212b5
- SHA1
  
  27a2d89747a20305b6518438eff5b9f57f7df5c3
- SHA256
  
  c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b
- SHA512
  
  18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf
- SSDEEP
  
  192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $SYSDIR/Packet.dll
- Size
  
  99KB
- MD5
  
  2ce150705bbeb30e6c8059cc530043aa
- SHA1
  
  3d8615f9d8f8f7a5d78b3c06bf746948b9ef6ba5
- SHA256
  
  cd9f4fb077c25013226e0883f9ae02e9ced9b71f07637081e55ae70fd0788f29
- SHA512
  
  9f7573ca679ef0cc0e1d815f605a399e87f7a046e3e51970d2c7597329b19e118cc2da7240ee854e13e31582f12bab8be506d1612ac81d5b453ef366d4674dcf
- SSDEEP
  
  1536:zbDKMXRC2wKDDuDirGfqs97WcETlsxtl2o+V:PDKMtfuysAcETlsxtco8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $SYSDIR/pthreadVC.dll
- Size
  
  52KB
- MD5
  
  f04a90f917ba10ae2dcbe859870f4dea
- SHA1
  
  6668ebe373ce58c33017697c477557653427e626
- SHA256
  
  99c61abf41c3aec38cab3ed6270adbca9a247bbf5f9aa9d29ecb0659a5527f48
- SHA512
  
  aec29301b9ce311b27f1590b0e0c4121acdc183a30b570e087d77b7035684f02a6dfbdee950c37f3023b32e2ea5a075a5fbe6d18a2804da9490d4959733bb516
- SSDEEP
  
  384:hSvfC8Vv0Vy7ojuq7GQcdWTc4zU+GFronD/yD5rBEe0kiH32Jp9AhOW:wt+TGQcdWYdMG59EeJiH3YzW
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $SYSDIR/wpcap.dll
- Size
  
  275KB
- MD5
  
  4633b298d57014627831ccac89a2c50b
- SHA1
  
  e5f449766722c5c25fa02b065d22a854b6a32a5b
- SHA256
  
  b967e4dce952f9232592e4c1753516081438702a53424005642700522055dbc9
- SHA512
  
  29590fa5f72e6a36f2b72fc2a2cca35ee41554e13c9995198e740608975621142395d4b2e057db4314edf95520fd32aae8db066444d8d8db0fd06c391111c6d3
- SSDEEP
  
  6144:E4yIm5rC9WNWwKcNBSCiLvK8+jKgZBwIbg2:jyIm59WwpqCuEKIwv2
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  WinPcapInstall.dll
- Size
  
  91KB
- MD5
  
  e78291558cb803dfd091ad8fb56feecc
- SHA1
  
  4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4
- SHA256
  
  d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d
- SHA512
  
  042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f
- SSDEEP
  
  1536:s7xjrG5m+619YG7L2xo8JfmL4iMtgLZtAeYjFH:s7s27yaL4kVtAeE9
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  rpcapd.exe
- Size
  
  115KB
- MD5
  
  83a6c2cafe236652d1559640594a0ea8
- SHA1
  
  c99aa678f387c00c4470fa3cd7b037d26720960d
- SHA256
  
  52360f17c9c70c9cea3316560b40c4d89fd705ed7e6b6088c99fc54d4cc35eb5
- SHA512
  
  4f6981c4e8d64311087795e9639516409bf80ebca5c7f25af1fb436aaccf90f24617ecd3f95b63558981b12bc0e5eeacf120fea7be5e5fa05ecf3afa4f9f799b
- SSDEEP
  
  3072:mL7m5RTfrUna0m2BeIIgJ3155FulLfbt/6:C7m5RTEaseIH515qfA
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  WinSparkle.dll
- Size
  
  1.1MB
- MD5
  
  ac1deea0eb1607e5877ac91b1d7b01f0
- SHA1
  
  05cb1f553f6fcbc1fbd1575d1f9b38b791fdbefc
- SHA256
  
  1acc4bc19c548b4f9eabd5d48618016d8ab1319a275ad279fc56c65c9cbd3fd1
- SHA512
  
  4a723d0fa39b06c6b47f29cd3f57ebde7eb604a9fd629e1ab47b3049139a9182c8dafe3b77e2fab77ad4d982a3bf40169ad56a6311fd1dcf3b50bdbec972b3cb
- SSDEEP
  
  24576:JeqLkelLuPdSLHkhalYC0tcKdGzjW+QvP+MIb8xBouw8xi7djrRF:zUdS4hu4cKdGnQ1Ib8xBouw8xi9NF
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  Wireshark.exe
- Size
  
  3.0MB
- MD5
  
  4f7fba261cc7a9087551f0ce8eb05edf
- SHA1
  
  367035a392ff6bb49b17b049f29ffd34e2a5b06c
- SHA256
  
  a240f34955bb27c57d366ba7d35d803181b02c221256d5ef6ac644687a274dd6
- SHA512
  
  573678d4521c88580a7d0e93bfb900a65ebffa8c7ffff65becdce68687992a40bc6ee987bb2685fb3d696948483a175801bdd3d7e55e832d1fd630e26774c748
- SSDEEP
  
  24576:uj1nEVYx68eyvAheriw1pSXJ7B+2RJxgro1e5bTJPJQ2RE7wXy+Zr62YLxn2IR7V:ujJ6sptcgt5DC+BIRcA+u8h7+PAbDrqR
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  comerr32.dll
- Size
  
  28KB
- MD5
  
  574adfca25fe476a445940ed0b91b64b
- SHA1
  
  03476f226b9eb1c0dd2306e04a109c9b2f6ec6e1
- SHA256
  
  c5ab7c63c85eb65f9b65f079e53b9d2dc0aa2020630285c8b0bd42076d965073
- SHA512
  
  ce58dfa916fbc5a7fb23ef51e565b85bc7abf565d59c568578b387126bb129dbefa262407c48c4b6376638184c0aa5be40d9bfc627cfbd2ec5cb96f1140055d6
- SSDEEP
  
  768:k508AweyBGNcaG6QZ0000000T00S000S00S0300S00S0S0o:BeeI
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  console.lua
- Size
  
  3KB
- MD5
  
  58ed366eeda00df609aef46eb7763c36
- SHA1
  
  579063a72febbc06a7664fe43615523c8d3b282a
- SHA256
  
  b3824b0bda6058deef9528ec9d87b5ccf9bf01c9c7ff5a61906e30f9081712ac
- SHA512
  
  eb8513df5498d125da5f220b92fb9a5d08d66c8f05e5930f183827fb7afd7d02a62ef9edcfcf73858efa8c9f6b2112bfbb4dcc18f625f7c0303d559286a5de83
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  dumpcap.exe
- Size
  
  382KB
- MD5
  
  529291a61a79e599ea0f601819a28a60
- SHA1
  
  448c3e8358b05429a8c6689908d28126a6f5a442
- SHA256
  
  662b84f9b6c90de1b0c52cd99cc1bf7f06c0aa680e0ab987b9c45a6b55e3cec5
- SHA512
  
  57a389f65f71953c6a542ad810103995a562b46d046388d86918aac0c15f8999823a21e16c41deebdbc680b068fde13aef94b98e9b08644fb979855c507acb66
- SSDEEP
  
  3072:1nBDzRQ8apMa8XXiq8sS+yr2rFP0oBjfMh:1nBDPZa8McuSFP90h
Score

3^/10

discovery
behavioral29 behavioral30
- Target
  
  dumpcap.html
- Size
  
  19KB
- MD5
  
  ba718406692fcffcbaaf48da095ba736
- SHA1
  
  e89bfb23723e5a6a83850a41ffd6170f7392b8df
- SHA256
  
  8bea0bf39fb87b73186092aa38d8891f6c176296459b078033cc9616575340a2
- SHA512
  
  7b3f559593c66c1a5f550f856b30e0d4794a0ede638b7795011c201be87dd4394e79a12921c2ab068f0307062f0e3ebd6ae2f1aa010d71a7499ccfa5ba779fb3
- SSDEEP
  
  384:X1ifDXH32D+Ew5Y5aGDBzxIMU9hDxfQ2TyqgRo21551Fu:FmD2KVO5aqBxIr4V9D51o
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

Software Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasion

behavioral2

discoveryevasion

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32