06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c

Sharing

Copy URL

Twitter E-mail

General

Target

FiddlerSetup.5.0.20242.10753-latest.exe
Size

4.4MB
Sample

241010-l2tnsaygkk
MD5

78537045a5e032d4ac93514f027c7a47
SHA1

5b6e705b20652c0cf39ee890013b9b8e8ad26b07
SHA256

06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
SHA512

8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47
SSDEEP

98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO

Score

9^/10

Malware Config

Targets

- Target
  
  FiddlerSetup.5.0.20242.10753-latest.exe
- Size
  
  4.4MB
- MD5
  
  78537045a5e032d4ac93514f027c7a47
- SHA1
  
  5b6e705b20652c0cf39ee890013b9b8e8ad26b07
- SHA256
  
  06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c
- SHA512
  
  8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47
- SSDEEP
  
  98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO
Score

9^/10

discovery evasion persistence privilege_escalation
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/FiddlerSetup.exe
- Size
  
  4.3MB
- MD5
  
  5d96b95b066d797c7c468d125882ddcf
- SHA1
  
  8a130db5e4f6207b70939c5007d6689c22378c7d
- SHA256
  
  7ea1a09eeab47eb4658938bf4a023c6231de726ad076fde189c3383ffb4091fe
- SHA512
  
  fd746263b0aad96e90468aac664a3f02af20c2291e03138cf201d68036bd8ce26cc36b5fdc4e97ae5f93c65a5660de91988e3ee7156359de509fea9b4308550a
- SSDEEP
  
  98304:uB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:uRdnRkgCNGyJ/IJYR7vsOKwGYO
Score

9^/10

discovery evasion persistence privilege_escalation
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Analytics.dll
- Size
  
  32KB
- MD5
  
  1c2bd080b0e972a3ee1579895ea17b42
- SHA1
  
  a09454bc976b4af549a6347618f846d4c93b769b
- SHA256
  
  166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29
- SHA512
  
  946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0
- SSDEEP
  
  384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7
Score

1^/10
behavioral7 behavioral8
- Target
  
  Be.Windows.Forms.HexBox.dll
- Size
  
  60KB
- MD5
  
  e6f7b8c5ec4d1543eaa7f5d148c6327c
- SHA1
  
  61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec
- SHA256
  
  bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e
- SHA512
  
  6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4
- SSDEEP
  
  1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve
Score

1^/10
behavioral10 behavioral9
- Target
  
  DotNetZip.dll
- Size
  
  449KB
- MD5
  
  11bbdf80d756b3a877af483195c60619
- SHA1
  
  99aca4f325d559487abc51b0d2ebd4dca62c9462
- SHA256
  
  698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1
- SHA512
  
  ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29
- SSDEEP
  
  6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff
Score

1^/10
behavioral11 behavioral12
- Target
  
  EnableLoopback.exe
- Size
  
  82KB
- MD5
  
  ea240c9d733ad54a79faaca19ba8d376
- SHA1
  
  2c1d1b3aa6aec6e6e7af7f64637029971a37ba77
- SHA256
  
  2c2aa55ab99b5a34eb78ded93e46c4d5fef44077847281e124473c20de5cf165
- SHA512
  
  d3815bf7b5af7aa5dbf717f404bdac9538adeaff57cf6ec38c3724d7179fb1f31231009941a671bdd15516e47ff346afa8738bc399c4e57cb840def6821f6464
- SSDEEP
  
  768:JyEI16zcI2eTcvE+m/ljPb0O7/Al25znrSh7A+g4CqnZ86qmmlk8x3Oqxf1mlZxd:K1H50wOLFzrSh7QwZhxmlk8xDfInfZ
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  ExecAction.exe
- Size
  
  19KB
- MD5
  
  519310853c0ee273a3f8787d7518dd2e
- SHA1
  
  22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8
- SHA256
  
  a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272
- SHA512
  
  30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d
- SSDEEP
  
  192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY
Score

1^/10
behavioral15 behavioral16
- Target
  
  FSE2.exe
- Size
  
  50KB
- MD5
  
  7a8df7276257139271a09a8947da44e5
- SHA1
  
  965c788156e2e29b6d1012430afee0cad13093b0
- SHA256
  
  8b0b9859af32d467fb7031ac8164779ffdb274cdaff959d89d11a65a365c8e12
- SHA512
  
  2769f62f0de76726c33cb0eae42c933806ddceae6c1f97d16302c575a8955fe33d4388824ca2a2c1269b09755e42b82fa5dceca825bd19e3e83ed43f97ca1f79
- SSDEEP
  
  768:ShiPG/qCn02KhWZH8Ufrg04g0r/pECkG9wR:KzrnKhWZH5frgc1R
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Fiddler.exe
- Size
  
  3.5MB
- MD5
  
  32cf2e7c6ae825d5f7cb2a7d39c2ee24
- SHA1
  
  262176d879e7727375025cae4aafc90698adad26
- SHA256
  
  d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5
- SHA512
  
  a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2
- SSDEEP
  
  49152:0Ms91NvXsJm+5Tti9og1fcaufet3YG5kCTnEsRH0jgB3:RsfNvXsJm+5TtiTMfeJnEsRHAgt
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  ForceCPU.exe
- Size
  
  19KB
- MD5
  
  b982a103b0d4e0db856026a163124bf3
- SHA1
  
  40772be00068bbd394ff0fccd551151a822f3e70
- SHA256
  
  2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d
- SHA512
  
  214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327
- SSDEEP
  
  192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv
Score

1^/10
behavioral21 behavioral22
- Target
  
  GA.Analytics.Monitor.dll
- Size
  
  52KB
- MD5
  
  6f9e5c4b5662c7f8d1159edcba6e7429
- SHA1
  
  c7630476a50a953dab490931b99d2a5eca96f9f6
- SHA256
  
  e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790
- SHA512
  
  78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8
- SSDEEP
  
  768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi
Score

1^/10
behavioral23 behavioral24
- Target
  
  ImportExport/BasicFormats.dll
- Size
  
  112KB
- MD5
  
  c9082ffd90962aac6d73d4f15d6803cb
- SHA1
  
  c22fc9a534c9560870c9a0a8d7c694788c69fa8c
- SHA256
  
  7f3ea7caf5d43f610b9ad20f3f09796847e4b8f4582dc6ff94029194e8905e0a
- SHA512
  
  96bf93650a007c1dbf197a849977b8bb574fa89fd9eb316f906f46b2194473347ecacbab572a4dfb7ffe0987d44caa29312a7b1fbc3d8f14a6a0bda14e5e86e2
- SSDEEP
  
  3072:z5zlHe5PmFt6DRIn9TQupG9c1rERA1TenjV++HOHbIE:rlUJ2g
Score

1^/10
behavioral25 behavioral26
- Target
  
  ImportExport/VSWebTestExport.dll
- Size
  
  44KB
- MD5
  
  7ee8a7354eff978914cfbe88620fa15f
- SHA1
  
  28cb0017666f583011e4cdc28496359d0ef2721f
- SHA256
  
  4b990716c98167940986b1d219ea7d60bc8ff11eb0a325cf52f8706d2759a32d
- SHA512
  
  8db5641837a64b3310f7b05ebb648c5bab2d8b51afabbdc5fe08011eb664516c0ca9e1bec8520870f121cb3a2b62c380933684237a2810f096fb70065a55abb8
- SSDEEP
  
  768:HbJ9YyrdngCT7Enn/IRXILJtGiU83aT7TTox1qxf1mlZxfmK:FyEI/LtrU83aXoxKfInfm
Score

1^/10
behavioral27 behavioral28
- Target
  
  Inspectors/QWhale.Common.dll
- Size
  
  192KB
- MD5
  
  ac80e3ca5ec3ed77ef7f1a5648fd605a
- SHA1
  
  593077c0d921df0819d48b627d4a140967a6b9e0
- SHA256
  
  93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5
- SHA512
  
  3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159
- SSDEEP
  
  1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc
Score

1^/10
behavioral29 behavioral30
- Target
  
  Inspectors/QWhale.Editor.dll
- Size
  
  816KB
- MD5
  
  eaa268802c633f27fcfc90fd0f986e10
- SHA1
  
  21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f
- SHA256
  
  fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54
- SHA512
  
  c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47
- SSDEEP
  
  12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB
Score

1^/10
behavioral31 behavioral32