General

  • Target

    FiddlerSetup.5.0.20242.10753-latest.exe

  • Size

    4.4MB

  • Sample

    241010-l2tnsaygkk

  • MD5

    78537045a5e032d4ac93514f027c7a47

  • SHA1

    5b6e705b20652c0cf39ee890013b9b8e8ad26b07

  • SHA256

    06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c

  • SHA512

    8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47

  • SSDEEP

    98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO

Malware Config

Targets

    • Target

      FiddlerSetup.5.0.20242.10753-latest.exe

    • Size

      4.4MB

    • MD5

      78537045a5e032d4ac93514f027c7a47

    • SHA1

      5b6e705b20652c0cf39ee890013b9b8e8ad26b07

    • SHA256

      06812518a722af6f98fbd8c3a5ace0cad1c6d53477972618728e64bafcbc948c

    • SHA512

      8fee84a791ae85175b7d61b54c66fc47abd4e231b7194779d2213f94c388b23e3f8e0408a1f29856b2a0404d824f17858f6b0676f6a1656428424665658c4a47

    • SSDEEP

      98304:pNB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:pNRdnRkgCNGyJ/IJYR7vsOKwGYO

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/FiddlerSetup.exe

    • Size

      4.3MB

    • MD5

      5d96b95b066d797c7c468d125882ddcf

    • SHA1

      8a130db5e4f6207b70939c5007d6689c22378c7d

    • SHA256

      7ea1a09eeab47eb4658938bf4a023c6231de726ad076fde189c3383ffb4091fe

    • SHA512

      fd746263b0aad96e90468aac664a3f02af20c2291e03138cf201d68036bd8ce26cc36b5fdc4e97ae5f93c65a5660de91988e3ee7156359de509fea9b4308550a

    • SSDEEP

      98304:uB6cDqnTgnRkidZ7C0eNGyJW3lE4RrtRmrpIZhGuul38YR7O8sOKduG8xOvC:uRdnRkgCNGyJ/IJYR7vsOKwGYO

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    • Target

      Analytics.dll

    • Size

      32KB

    • MD5

      1c2bd080b0e972a3ee1579895ea17b42

    • SHA1

      a09454bc976b4af549a6347618f846d4c93b769b

    • SHA256

      166e1a6cf86b254525a03d1510fe76da574f977c012064df39dd6f4af72a4b29

    • SHA512

      946e56d543a6d00674d8fa17ecd9589cba3211cfa52c978e0c9dab0fa45cdfc7787245d14308f5692bd99d621c0caca3c546259fcfa725fff9171b144514b6e0

    • SSDEEP

      384:gpeCB0nVQ/EMq7+Zi9nQwnHgfLtVUEoBXejF6XFlnwnYPLYyTcGq1y2h33XcQ7:/U0VQMMrZi9QiHWtVxOFxwxGqXR7

    Score
    1/10
    • Target

      Be.Windows.Forms.HexBox.dll

    • Size

      60KB

    • MD5

      e6f7b8c5ec4d1543eaa7f5d148c6327c

    • SHA1

      61a5bf82b4f7da4040f76e7aec4b4b5fe0c544ec

    • SHA256

      bbfd21490a4be96e1a44a92e39406e87978aea1fc58b603702e4e21a143dd89e

    • SHA512

      6f4516677937f6d58d250f7b6a50f3815691f84ac17e455dd09dc6d4ecc215a8a8ea000706885c858708603223661908067ed36c037766a52d15f2eb33af1fc4

    • SSDEEP

      1536:/KS4Z+5ZUOxinOGm7kF5Gw5qQ0DaK/nbL0LolKo4I/AhYe:T4ZkiHOGT0Dpf08Bve

    Score
    1/10
    • Target

      DotNetZip.dll

    • Size

      449KB

    • MD5

      11bbdf80d756b3a877af483195c60619

    • SHA1

      99aca4f325d559487abc51b0d2ebd4dca62c9462

    • SHA256

      698e4beeba26363e632cbbb833fc8000cf85ab5449627bf0edc8203f05a64fa1

    • SHA512

      ad9c16481f95c0e7cf5158d4e921ca7534f580310270fa476e9ebd15d37eee2ab43e11c12d08846eae153f0b43fba89590d60ca00551f5096076d3cf6aa4ce29

    • SSDEEP

      6144:WuCIjULqwIvFC/scNRmglrCYc9vnIJtrGtSV41kJDsTDDfiSLe6XOxLV/f:kDLZrPtLWn7S4csHiSe6+ff

    Score
    1/10
    • Target

      EnableLoopback.exe

    • Size

      82KB

    • MD5

      ea240c9d733ad54a79faaca19ba8d376

    • SHA1

      2c1d1b3aa6aec6e6e7af7f64637029971a37ba77

    • SHA256

      2c2aa55ab99b5a34eb78ded93e46c4d5fef44077847281e124473c20de5cf165

    • SHA512

      d3815bf7b5af7aa5dbf717f404bdac9538adeaff57cf6ec38c3724d7179fb1f31231009941a671bdd15516e47ff346afa8738bc399c4e57cb840def6821f6464

    • SSDEEP

      768:JyEI16zcI2eTcvE+m/ljPb0O7/Al25znrSh7A+g4CqnZ86qmmlk8x3Oqxf1mlZxd:K1H50wOLFzrSh7QwZhxmlk8xDfInfZ

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      ExecAction.exe

    • Size

      19KB

    • MD5

      519310853c0ee273a3f8787d7518dd2e

    • SHA1

      22c4e25c4c4c2b5654d05cd6a1e737c6bcb588d8

    • SHA256

      a23c852d3ed4148044708925e56e17246cdb88d6ecaaa375503fa1f915ba1272

    • SHA512

      30e51202416ab2d0bac9cd294d08c12d7973e75696283b1823c6442033698f85075d14dcd79fb1f56886f4491981b1e278d3a506e5e458a1eee6bb372d5e683d

    • SSDEEP

      192:ZsCrRJUlWDSnYe+PjPxucwwSoDvucwwfih5H0JOqxEV1a//bZ28WhTEn:GGOZnYPLxoAjo4S+JNY1cAhhY

    Score
    1/10
    • Target

      FSE2.exe

    • Size

      50KB

    • MD5

      7a8df7276257139271a09a8947da44e5

    • SHA1

      965c788156e2e29b6d1012430afee0cad13093b0

    • SHA256

      8b0b9859af32d467fb7031ac8164779ffdb274cdaff959d89d11a65a365c8e12

    • SHA512

      2769f62f0de76726c33cb0eae42c933806ddceae6c1f97d16302c575a8955fe33d4388824ca2a2c1269b09755e42b82fa5dceca825bd19e3e83ed43f97ca1f79

    • SSDEEP

      768:ShiPG/qCn02KhWZH8Ufrg04g0r/pECkG9wR:KzrnKhWZH5frgc1R

    Score
    3/10
    • Target

      Fiddler.exe

    • Size

      3.5MB

    • MD5

      32cf2e7c6ae825d5f7cb2a7d39c2ee24

    • SHA1

      262176d879e7727375025cae4aafc90698adad26

    • SHA256

      d7ea71114bfe70383c1ac2be6dd19676805a0afb6e20c0ad3000018afad093e5

    • SHA512

      a72e70f1a11d4443aedc56a2453cb3ed05bd8106b0e906364f23f01098a378440d2d86ac15f6d98ceedfe18b0a60d80f6806300b390c2969c3de97cb380b82c2

    • SSDEEP

      49152:0Ms91NvXsJm+5Tti9og1fcaufet3YG5kCTnEsRH0jgB3:RsfNvXsJm+5TtiTMfeJnEsRHAgt

    Score
    3/10
    • Target

      ForceCPU.exe

    • Size

      19KB

    • MD5

      b982a103b0d4e0db856026a163124bf3

    • SHA1

      40772be00068bbd394ff0fccd551151a822f3e70

    • SHA256

      2d209c2b823e350c1f1661f87a3a013804302477afe56877f94adbafe7a2e06d

    • SHA512

      214ecdf348e2093e91a489c0541f05eb3356e2531c1840a99d9f727caf1130f5041ccbc6356a7bc31fb4dece927d3fee2fa9e4689d2badbe680fd40104a9d327

    • SSDEEP

      192:fHtIemmfltxD5WLtWwiyT5hNGnYe+PjPxucwwyibSucwwQJk35H0JOqxEV1a//bG:xD5WLZ5qnYPLxoDfoDg+JNY1cAhhv

    Score
    1/10
    • Target

      GA.Analytics.Monitor.dll

    • Size

      52KB

    • MD5

      6f9e5c4b5662c7f8d1159edcba6e7429

    • SHA1

      c7630476a50a953dab490931b99d2a5eca96f9f6

    • SHA256

      e3261a13953f4bedec65957b58074c71d2e1b9926529d48c77cfb1e70ec68790

    • SHA512

      78fd28a0b19a3dae1d0ae151ce09a42f7542de816222105d4dafe1c0932586b799b835e611ce39a9c9424e60786fbd2949cabac3f006d611078e85b345e148c8

    • SSDEEP

      768:7su21mzJ3+LDDke5WcsvOvHOQ+5bQZdKXJccxYi:7qmByvke5Wcs22QRGKLi

    Score
    1/10
    • Target

      ImportExport/BasicFormats.dll

    • Size

      112KB

    • MD5

      c9082ffd90962aac6d73d4f15d6803cb

    • SHA1

      c22fc9a534c9560870c9a0a8d7c694788c69fa8c

    • SHA256

      7f3ea7caf5d43f610b9ad20f3f09796847e4b8f4582dc6ff94029194e8905e0a

    • SHA512

      96bf93650a007c1dbf197a849977b8bb574fa89fd9eb316f906f46b2194473347ecacbab572a4dfb7ffe0987d44caa29312a7b1fbc3d8f14a6a0bda14e5e86e2

    • SSDEEP

      3072:z5zlHe5PmFt6DRIn9TQupG9c1rERA1TenjV++HOHbIE:rlUJ2g

    Score
    1/10
    • Target

      ImportExport/VSWebTestExport.dll

    • Size

      44KB

    • MD5

      7ee8a7354eff978914cfbe88620fa15f

    • SHA1

      28cb0017666f583011e4cdc28496359d0ef2721f

    • SHA256

      4b990716c98167940986b1d219ea7d60bc8ff11eb0a325cf52f8706d2759a32d

    • SHA512

      8db5641837a64b3310f7b05ebb648c5bab2d8b51afabbdc5fe08011eb664516c0ca9e1bec8520870f121cb3a2b62c380933684237a2810f096fb70065a55abb8

    • SSDEEP

      768:HbJ9YyrdngCT7Enn/IRXILJtGiU83aT7TTox1qxf1mlZxfmK:FyEI/LtrU83aXoxKfInfm

    Score
    1/10
    • Target

      Inspectors/QWhale.Common.dll

    • Size

      192KB

    • MD5

      ac80e3ca5ec3ed77ef7f1a5648fd605a

    • SHA1

      593077c0d921df0819d48b627d4a140967a6b9e0

    • SHA256

      93b0f5d3a2a8a82da1368309c91286ee545b9ed9dc57ad1b31c229e2c11c00b5

    • SHA512

      3ecc0fe3107370cb5ef5003b5317e4ea0d78bd122d662525ec4912dc30b8a1849c4fa2bbb76e6552b571f156d616456724aee6cd9495ae60a7cb4aaa6cf22159

    • SSDEEP

      1536:jnPlSpsvrGlP3wYeBKpqmSNbgM9ZtZLZQErK3PmIDXRtFhCj6ocpjyc44lc:rlSpsnQCg4ZtZmECfRtF0cpjy94lc

    Score
    1/10
    • Target

      Inspectors/QWhale.Editor.dll

    • Size

      816KB

    • MD5

      eaa268802c633f27fcfc90fd0f986e10

    • SHA1

      21f3a19d6958bcfe9209df40c4fd8e7c4ce7a76f

    • SHA256

      fe26c7e4723bf81124cdcfd5211b70f5e348250ae74b6c0abc326f1084ec3d54

    • SHA512

      c0d6559fc482350c4ed5c5a9a0c0c58eec0a1371f5a254c20ae85521f5cec4c917596bc2ec538c665c3aa8e7ee7b2d3d322b3601d69b605914280ff38315bb47

    • SSDEEP

      12288:vC84TFHhCRR87er17m62l/YpMVuRWGoN0ty6B:vC9T+R87er325wMVuRaGtPB

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral2

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral3

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral4

discovery, evasion, persistence, privilege_escalation
Score
9/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
7/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

discovery
Score
3/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10