General
Target: Wireshark-4.4.1-x64.exe
Size: 83.2MB
Sample: 241113-w9ke7axdpq
MD5: 01031c48a2d1417a33999b121ea77caf
SHA1: 2ec7a04154538d63dad26e9e527ad55fa50ccf01
SHA256: 456aec8658baee56ff4add4bcfd95ed532219536b568b5e45106a0120921e58d
SHA512: 51b2353d98ec177178b17c10f6f01835bb48050356c6167c28264fb5c2fb61f61375a19bf8fcb33e2cdbc0454e3cb313f97bc8a6bf0da98bab309454595ee796
SSDEEP: 1572864:vN2QvJB8fE33FRu3agN+1jPevw8KniCcD+veXTjeJBNns0LuaMmC8M5yPpTeL:vdUfEFRu3rN+1jeKrcy++z9sYu/mCVy+
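Before acting on any verdict from this report, confirm that the file you hold is the same object the sandbox ran, and then that the object is what the vendor shipped (the SHA256 list Wireshark publishes for each release). The helper below is an added example, written for this page and not part of the sandbox report or of Wireshark; the REPORTED values are copied from the General block above, and the function names and the one-pass chunked reading are my own choices.

```python
import hashlib

# Digests this report lists for Wireshark-4.4.1-x64.exe (sample 241113-w9ke7axdpq).
REPORTED = {
    "md5": "01031c48a2d1417a33999b121ea77caf",
    "sha1": "2ec7a04154538d63dad26e9e527ad55fa50ccf01",
    "sha256": "456aec8658baee56ff4add4bcfd95ed532219536b568b5e45106a0120921e58d",
    "sha512": "51b2353d98ec177178b17c10f6f01835bb48050356c6167c28264fb5c2fb61f61375a19bf8fcb33e2cdbc0454e3cb313f97bc8a6bf0da98bab309454595ee796",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _digest_stream(chunks, algorithms=ALGORITHMS):
    # One pass over the data feeds every hasher, so an 83 MB installer is read once.
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Digests of an in-memory blob (handy for small dropped files and for tests)."""
    return _digest_stream([data], algorithms)


def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Digests of a file on disk, read in 1 MiB chunks."""
    with open(path, "rb") as fh:
        return _digest_stream(iter(lambda: fh.read(chunk_size), b""), algorithms)


def compare_digests(actual, expected):
    """Map each algorithm in `expected` whose value differs from `actual` to (expected, actual).

    An empty result means every listed digest matched. The comparison is
    case-insensitive because vendors and sandboxes differ in hex casing, and a
    digest missing from `actual` counts as a mismatch rather than a pass.
    """
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want, got)
    return mismatches


def verify_file(path, expected=REPORTED):
    """True when the file at `path` matches every digest in `expected`."""
    return not compare_digests(digest_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    import sys

    target = sys.argv[1]
    bad = compare_digests(digest_file(target), REPORTED)
    for name, (want, got) in bad.items():
        print(f"{name}: expected {want}, got {got}")
    if bad:
        sys.exit(1)
    print(f"{target}: all {len(REPORTED)} digests match the report")
```

A matching digest proves only identity with the sample the sandbox detonated. Provenance is a separate check: validate the installer's Authenticode signature (signtool verify /pa, or Get-AuthenticodeSignature in PowerShell) and compare the SHA256 with the vendor's published list for 4.4.1. The SSDEEP value on the page is for near-duplicate hunting across samples, not for verification, and needs the ssdeep library, so it is left out here.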
Static task: static1

Behavioral tasks (each extracted file was detonated on a Windows 7 x64 image and a Windows 10 2004 x64 image; the resource name is the sandbox image build):
behavioral1: Wireshark-4.4.1-x64.exe on win7-20240903-en
behavioral2: Wireshark-4.4.1-x64.exe on win10v2004-20241007-en
behavioral3: $PLUGINSDIR/InstallOptions.dll on win7-20241010-en
behavioral4: $PLUGINSDIR/InstallOptions.dll on win10v2004-20241007-en
behavioral5: $PLUGINSDIR/System.dll on win7-20240903-en
behavioral6: $PLUGINSDIR/System.dll on win10v2004-20241007-en
behavioral7: $PLUGINSDIR/nsDialogs.dll on win7-20240903-en
behavioral8: $PLUGINSDIR/nsDialogs.dll on win10v2004-20241007-en
behavioral9: Qt6Core.dll on win7-20240903-en
behavioral10: Qt6Core.dll on win10v2004-20241007-en
behavioral11: Qt6Core5Compat.dll on win7-20240903-en
behavioral12: Qt6Core5Compat.dll on win10v2004-20241007-en
behavioral13: Qt6Gui.dll on win7-20240903-en
behavioral14: Qt6Gui.dll on win10v2004-20241007-en
behavioral15: Qt6Multimedia.dll on win7-20241010-en
behavioral16: Qt6Multimedia.dll on win10v2004-20241007-en
behavioral17: Qt6Network.dll on win7-20241010-en
behavioral18: Qt6Network.dll on win10v2004-20241007-en
behavioral19: Qt6PrintSupport.dll on win7-20241023-en
behavioral20: Qt6PrintSupport.dll on win10v2004-20241007-en
behavioral21: Qt6Svg.dll on win7-20240903-en
behavioral22: Qt6Svg.dll on win10v2004-20241007-en
behavioral23: Qt6Widgets.dll on win7-20240708-en
behavioral24: Qt6Widgets.dll on win10v2004-20241007-en
behavioral25: USBPcapSetup-1.5.4.0.exe on win7-20240903-en
behavioral26: USBPcapSetup-1.5.4.0.exe on win10v2004-20241007-en
behavioral27: $PLUGINSDIR/SysRestore.dll on win7-20240903-en
behavioral28: $PLUGINSDIR/SysRestore.dll on win10v2004-20241007-en
behavioral29: $PLUGINSDIR/System.dll on win7-20241010-en
behavioral30: $PLUGINSDIR/System.dll on win10v2004-20241007-en
behavioral31: USBPcap.sys on win7-20240903-en
behavioral32: USBPcap.sys on win10v2004-20241007-en
Malware Config
Targets

Target: Wireshark-4.4.1-x64.exe
Size: 83.2MB
MD5: 01031c48a2d1417a33999b121ea77caf
SHA1: 2ec7a04154538d63dad26e9e527ad55fa50ccf01
SHA256: 456aec8658baee56ff4add4bcfd95ed532219536b568b5e45106a0120921e58d
SHA512: 51b2353d98ec177178b17c10f6f01835bb48050356c6167c28264fb5c2fb61f61375a19bf8fcb33e2cdbc0454e3cb313f97bc8a6bf0da98bab309454595ee796
SSDEEP: 1572864:vN2QvJB8fE33FRu3agN+1jPevw8KniCcD+veXTjeJBNns0LuaMmC8M5yPpTeL:vdUfEFRu3rN+1jeKrcy++z9sYu/mCVy+
Signature: Checks for common network interception software. Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
Note: for this sample the hit is expected rather than suspicious. The target is the Wireshark installer itself, and a generic "looks for Wireshark in the registry" heuristic cannot tell an installer locating an existing installation apart from malware probing for analysis tools. Treat it as a false positive of the signature unless the full registry trace shows queries for tools unrelated to Wireshark.

Target: $PLUGINSDIR/InstallOptions.dll
Size: 15KB
MD5: d095b082b7c5ba4665d40d9c5042af6d
SHA1: 2220277304af105ca6c56219f56f04e894b28d27
SHA256: b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
SHA512: 61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
SSDEEP: 192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
Score: 3/10

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 4add245d4ba34b04f213409bfe504c07
SHA1: ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA256: 9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA512: 1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
SSDEEP: 192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score: 3/10

Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: 1d8f01a83ddd259bc339902c1d33c8f1
SHA1: 9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
SHA256: 4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
SHA512: 28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
SSDEEP: 96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score: 3/10

Target: Qt6Core.dll
Size: 5.5MB
MD5: 76b1fa9dcde30721db81421c451b6e0a
SHA1: 967e1f335a70689c5350edd9fc2c18a4514e6178
SHA256: a34ef6c16886e7888ff7737fb133944fa62f51c0d409c98575dba7972f171bde
SHA512: 6927ee98bd7dadb1949611061927608638d16ef6f26b87437d41b83bb6276c1691d6c33f55af3d3249d37201793c258b5f1164d08478d3e085867858efed95b8
SSDEEP: 98304:VDkwsW29n3+bSgjKFdu9CwJsv6t9Olb/3WVH:VDxd29nQjKFdu9CwJsv6t9OF/3WV
Score: 1/10

Target: Qt6Core5Compat.dll
Size: 813KB
MD5: 0a085f46d7a5c380f7e8a06a05b67059
SHA1: 60f257947968bfd3e7188af2deae6be3b2763c04
SHA256: 118ddedaf4efce693b5d911a1932a8ff588d9afc0d4e89b1e3d7588ebe479934
SHA512: 7d5f106d3991770cab17d31852cc93873b1627a53cfc5a5fd84199f79e918cf9225d4de82951dc82801908f7be155fdfd0a8d1010b7150b280a500e426e74dde
SSDEEP: 12288:7sTHRVkwi3HJwsEDyqOwlXgPGE/4717VKIABDPzHkSFGGofY4fAvLrpHD:mxVkwiXTED94G7VUDPTOJferJD
Score: 1/10

Target: Qt6Gui.dll
Size: 7.7MB
MD5: bc1ad6ca77aaf01abac6b55fe9cff1d4
SHA1: 513f8a42fa3a3b59362fba4c1e36e971eeb1f15a
SHA256: db96fed71863e707c5f97cfdbd33a772340fcee3e741a169b01aac3abc47753c
SHA512: 6c464d3838c3eec5c4e407115c9c5b2211919cd04909698b4ca7a02f8e9417271592f8d51617ca68337660c7af66e6e6975a738e812de0f790da8149066c569e
SSDEEP: 49152:Namaceaf9aP9uwwGgyjk/uJRChJRJgsy1vHW1wKJpo4i8uMDG5+m58yFcleGwi9W:Fwwly6hJLy1vwpoCncYsLO3Zq2ckzJ6
Score: 1/10

Target: Qt6Multimedia.dll
Size: 748KB
MD5: 18231556c7f9ae2d1902a609136904b2
SHA1: a0caef05fa65d250a9686daec0e2474a1fe67ba3
SHA256: 1dab6bc320815cde16a3e8ebd590041512baab01a51b351870c8f38cc1e0b553
SHA512: ac9a5e2edae2dd7fd9e2819364964fd24c95ec0bb32d16d534a42e1e54dd3e9a641756a441a22041075aab11ebe1086110238d09a4ceb3343c213012b06a3aef
SSDEEP: 12288:gGt1Y0c3r9gviiFct9iuApf6rAxX5i0yp:gGPHc3r9gvikct9C5Typ
Score: 1/10

Target: Qt6Network.dll
Size: 1.3MB
MD5: 3d0bd9c56934ce6861cda4570d835305
SHA1: 9b4201ec9bdd6deda8f339b8eeedabd9e4012320
SHA256: 696460f26fc3c9fb69572685964561d89adbd8a3f28b8d1790241f99fecc5254
SHA512: 7f35dbfd22433142f9871f86f1898dfcfb1775afd416d408ce0b74e7d98a16200f0dcc61eaa7fb0ff7684c12ae6914c5d55d1bf0aa52d1171bddb0a0c31c113d
SSDEEP: 24576:Ll5NRPoIzKWasEM9okn0WvvD+ffc1yR4Tei:LzkUKtsrx77U43
Score: 1/10

Target: Qt6PrintSupport.dll
Size: 383KB
MD5: 82ff7379efb71d233a4580dce5ee382d
SHA1: 3e0afb30530cc1fffd47153053de164616063095
SHA256: 1855239c1563db62dae5506e3ded0be844712e1b081d423b2e0299cff9bf457d
SHA512: e98ee947f35a9ab3913cfe299d801987cd5ca2d32dcc0ae5dc85f60d9e7cade490b739e39591f31c2a18da5e110aea0b0825cd4056b00adc63086e3daad85281
SSDEEP: 6144:OUZ5OFp+gAa06dubwzIvpDsT5A2Bqa5sGp4sxvNs9DfpTb3+qRitlj0RwQLyk3OY:OwOFQK06d4wzopEs6C
Score: 1/10

Target: Qt6Svg.dll
Size: 355KB
MD5: 357685141098f498fb374bca365fe751
SHA1: 86850065257959ab07b083748736beea0399a6b4
SHA256: 8b8c4c58f6056c9325b05047eba07dd9293d6fb29a376eb6ad30f1e6477af668
SHA512: 8834518ec294bc4ee72ebbc7a49db07bafe0421ff4f67ca85aedadd05c7fd8c67a07ef22879efd9be3e9864a8a93f46031b4fde52437fc21a5ab5c1445fb8108
SSDEEP: 6144:PC6FC49+ZwIK9wZrQ4uEaf4XPCfLfBAF73J10+KxBz2QSOhpSgA:7AZswZsJScCkh3A
Score: 1/10

Target: Qt6Widgets.dll
Size: 5.7MB
MD5: 34ee65dbba76d89a4cbab5235d488d74
SHA1: e8548c6d501ab4c6ceeb0d5d4ec009fded7d598d
SHA256: ded2ab6d145fa1a68cd546d45b7ce289461c83bfcfd9302bccb68c4651314c20
SHA512: f2e657775c949f10043f3ac34e1fbc9b1c0ccb0894fa96f22365d3a68a0d4ee30b69a6a820410cdd5544f1e31f8bf46d355931c039e480a1e8afbeb784d37521
SSDEEP: 98304:yTrj+BuRRXjDWPh6YPQE/SmC5ofj3BIkKBf:+j+BuRRTDWPcYPQE/SHor3cx
Score: 1/10

Target: USBPcapSetup-1.5.4.0.exe
Size: 190KB
MD5: 93c9b5098b1d42c53c7bdd68fe9cd6cf
SHA1: ccfb1497abed432844ad972dea65853dd0e7cba1
SHA256: 87a7edf9bbbcf07b5f4373d9a192a6770d2ff3add7aa1e276e82e38582ccb622
SHA512: dc6b84d0784ae36941615565ff21e8634bf36e3efdaff598d470035157a2f148cd1f10031504476f821cd0ce0180c61ee9fe6a7bd0beb3721c4b1c738f61fef1
SSDEEP: 3072:PQZmPYFFiorvcQNpDjrc5nMDi93g6HC+0vaiFxMv6mwSARrwPKVvbygEXoHApLG6:PQLFhJXrcVMDcgoCtswShkTAoRA9
Score: 8/10
Signatures: Drops file in Drivers directory; Adds Run key to start application.
Note: USBPcapSetup is the USB capture driver installer bundled inside the Wireshark installer, and USBPcap.sys appears below among the files extracted from it, so a write into the drivers directory is its documented purpose rather than an indicator on its own. The Run key is the part to check in the full behavioral log: the report shows neither the value name nor the path it launches, and a kernel driver installer that also persists a user-mode component deserves a look at both before it is waved through. Before installing outside the sandbox, match the dropped driver's digest against the USBPcap.sys entry below and confirm the driver carries a valid signature.

Target: $PLUGINSDIR/SysRestore.dll
Size: 5KB
MD5: c1e07f0ea14ebf4142176d340ed421f3
SHA1: f3524213ebbb53b4ce9ae1a1172897d4438445ed
SHA256: 9176c65e37d931edeeb51f9deb1ab9b5ac2d1c6311ad85339bb79f0f2840b2a9
SHA512: 3e69f403bdd041ce9da91307659645f44a760360e69e986c1740b04be0dd66bfa017ce8783f9f4f81d545eb43eb68df09c90c8391c2a417cf611064dba5453a6
SSDEEP: 48:KSOluw74Rqzy+uMD2CWoI7Npom7QEDQY/6232uK6hmX3//fTQvSl5B0KQg8mmad8:Glu03/Dwz53dKNEv05B030neZV36s
Score: 3/10

Target: $PLUGINSDIR/System.dll (second copy; its digests differ from the System.dll listed above, and the ordering of extracted files indicates it belongs to the nested USBPcapSetup installer)
Size: 11KB
MD5: 0063d48afe5a0cdc02833145667b6641
SHA1: e7eb614805d183ecb1127c62decb1a6be1b4f7a8
SHA256: ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
SHA512: 71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
SSDEEP: 192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
Score: 3/10

Target: USBPcap.sys
Size: 51KB
MD5: 01304fc31498030c789e80910a356e6b
SHA1: 8a8da048c75a6a587b7636ade603cc611b3c4833
SHA256: f340a8cf2f127be2e6b558586b76b51ba5e8c58c462a8d9eecc1955771cb2974
SHA512: 48921040e1108478f5bc5969ede09c9fdc1cb76df05cee47fd97502343e2975b0e161607596eaf6e384586e006da4820adbd65937d65d51e14fb9bdcb4d4c7fd
SSDEEP: 768:Fv9neO3gPvnCORE+KvWt74cTuzWoYKpuYuYZFb2aL3hP0p33b0gj:inbtYUYfb283hP0tI
Score: 1/10
MITRE ATT&CK Enterprise v15
Tactic: Privilege Escalation
Technique: Boot or Logon Autostart Execution (T1547), 1 hit
Sub-technique: Registry Run Keys / Startup Folder (T1547.001), 1 hit
The single hit is the "Adds Run key to start application" signature on USBPcapSetup-1.5.4.0.exe; no other target on this page maps to ATT&CK. ATT&CK files T1547 under Persistence as well as Privilege Escalation; the report shows only the latter.
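The two USBPcapSetup signatures and the ATT&CK row above describe behaviours that are straightforward to detect from host telemetry, and the practitioner's question is not "did it happen" but "is it the driver install we expected". The following Python is an added example written for this page (not the sandbox's detection logic and not Wireshark or USBPcap code). It runs two rules over a constructed set of Sysmon-style records: file creates (event 11) and registry set-value events (event 13). Writes under Run or RunOnce are reported as T1547.001; any new .sys under System32\drivers is reported and then checked against an allowlist keyed by the SHA-256 this report gives for USBPcap.sys, so a known driver is marked expected while an unknown one is flagged for review. The event records, the ExampleRunValue name, the example.exe and ExampleVendor paths, the hypothetical.sys dropper, and the sha256 field on file-create events (which real Sysmon event 11 records do not carry; assume it is joined in from a separate hash lookup) are all constructed for the example.

```python
import re

# Allowlist keyed by the SHA-256 this report lists for USBPcap.sys. A driver
# landing in System32\drivers with exactly this digest is the expected
# USBPcapSetup behaviour; any other digest is an unreviewed kernel driver.
KNOWN_DRIVERS = {
    "f340a8cf2f127be2e6b558586b76b51ba5e8c58c462a8d9eecc1955771cb2974": "USBPcap.sys (digest from this report)",
}

# Matches HKLM\SOFTWARE\...\Run, the Wow6432Node variant, and per-user
# HKU\<SID>\Software\...\Run and RunOnce, down to a value name.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# A .sys file written directly into the drivers directory on any drive.
DRIVERS_DIR_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\[^\\]+\.sys$", re.IGNORECASE)

# Constructed Sysmon-style records (event 11 = FileCreate, event 13 = RegistryEvent SetValue).
# Not the sandbox's own log. The Run value, its launch path, ExampleVendor and
# hypothetical.sys are invented; sha256 on file events is assumed joined from a hash lookup.
SAMPLE_EVENTS = [
    {"id": 11, "image": r"C:\Users\analyst\AppData\Local\Temp\USBPcapSetup-1.5.4.0.exe",
     "target": r"C:\Windows\System32\drivers\USBPcap.sys",
     "sha256": "f340a8cf2f127be2e6b558586b76b51ba5e8c58c462a8d9eecc1955771cb2974"},
    {"id": 13, "image": r"C:\Users\analyst\AppData\Local\Temp\USBPcapSetup-1.5.4.0.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleRunValue",
     "details": r"C:\Program Files\Example\example.exe"},
    {"id": 11, "image": r"C:\Users\analyst\Downloads\Wireshark-4.4.1-x64.exe",
     "target": r"C:\Program Files\Wireshark\Qt6Core.dll",
     "sha256": "a34ef6c16886e7888ff7737fb133944fa62f51c0d409c98575dba7972f171bde"},
    {"id": 13, "image": r"C:\Users\analyst\Downloads\Wireshark-4.4.1-x64.exe",
     "target": r"HKLM\SOFTWARE\ExampleVendor\InstallDir",
     "details": r"C:\Program Files\ExampleVendor"},
    {"id": 11, "image": r"C:\Users\analyst\AppData\Local\Temp\dropper.exe",
     "target": r"C:\Windows\System32\drivers\hypothetical.sys",
     "sha256": "00" * 32},
]


def triage_events(events, known_drivers=KNOWN_DRIVERS):
    """Return one finding per matching event, in event order.

    Each finding carries the report's signature name, the ATT&CK ID where the
    report maps one (only the Run key rule has a mapping on this page), and an
    'expected' flag that is True only for a driver whose digest is allowlisted.
    """
    findings = []
    for ev in events:
        if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
            findings.append({
                "signature": "Adds Run key to start application",
                "attack": "T1547.001",
                "image": ev["image"], "target": ev["target"],
                "details": ev.get("details"), "expected": False,
            })
        elif ev["id"] == 11 and DRIVERS_DIR_RE.match(ev["target"]):
            digest = (ev.get("sha256") or "").lower()
            findings.append({
                "signature": "Drops file in Drivers directory",
                "attack": None,
                "image": ev["image"], "target": ev["target"],
                "expected": digest in known_drivers,
                "known_as": known_drivers.get(digest),
            })
    return findings


def needs_review(findings):
    """Findings the allowlist does not explain: the ones an analyst actually opens."""
    return [f for f in findings if not f["expected"]]


if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        flag = "expected" if f["expected"] else "REVIEW"
        attack = f["attack"] or "no ATT&CK mapping on the report"
        print(f"[{flag}] {f['signature']} ({attack}): {f['image']} -> {f['target']}")
```

Keying the allowlist on the digest rather than the file name is the point: a dropper can call its driver USBPcap.sys, but it cannot reproduce the SHA-256. The Run key rule deliberately never sets expected, because the report does not show which value USBPcapSetup writes or what it launches; that entry has to be read from the full log before it is allowlisted.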