General

  • Target

    Wireshark-4.4.1-x64.exe

  • Size

    83.2MB

  • Sample

    241113-w9ke7axdpq

  • MD5

    01031c48a2d1417a33999b121ea77caf

  • SHA1

    2ec7a04154538d63dad26e9e527ad55fa50ccf01

  • SHA256

    456aec8658baee56ff4add4bcfd95ed532219536b568b5e45106a0120921e58d

  • SHA512

    51b2353d98ec177178b17c10f6f01835bb48050356c6167c28264fb5c2fb61f61375a19bf8fcb33e2cdbc0454e3cb313f97bc8a6bf0da98bab309454595ee796

  • SSDEEP

    1572864:vN2QvJB8fE33FRu3agN+1jPevw8KniCcD+veXTjeJBNns0LuaMmC8M5yPpTeL:vdUfEFRu3rN+1jeKrcy++z9sYu/mCVy+

Malware Config

Targets

    • Target

      Wireshark-4.4.1-x64.exe

    • Size

      83.2MB

    • MD5

      01031c48a2d1417a33999b121ea77caf

    • SHA1

      2ec7a04154538d63dad26e9e527ad55fa50ccf01

    • SHA256

      456aec8658baee56ff4add4bcfd95ed532219536b568b5e45106a0120921e58d

    • SHA512

      51b2353d98ec177178b17c10f6f01835bb48050356c6167c28264fb5c2fb61f61375a19bf8fcb33e2cdbc0454e3cb313f97bc8a6bf0da98bab309454595ee796

    • SSDEEP

      1572864:vN2QvJB8fE33FRu3agN+1jPevw8KniCcD+veXTjeJBNns0LuaMmC8M5yPpTeL:vdUfEFRu3rN+1jeKrcy++z9sYu/mCVy+

    Score
    9/10
    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      15KB

    • MD5

      d095b082b7c5ba4665d40d9c5042af6d

    • SHA1

      2220277304af105ca6c56219f56f04e894b28d27

    • SHA256

      b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

    • SHA512

      61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

    • SSDEEP

      192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      1d8f01a83ddd259bc339902c1d33c8f1

    • SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

    • SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

    • SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

    • SSDEEP

      96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc

    Score
    3/10
    • Target

      Qt6Core.dll

    • Size

      5.5MB

    • MD5

      76b1fa9dcde30721db81421c451b6e0a

    • SHA1

      967e1f335a70689c5350edd9fc2c18a4514e6178

    • SHA256

      a34ef6c16886e7888ff7737fb133944fa62f51c0d409c98575dba7972f171bde

    • SHA512

      6927ee98bd7dadb1949611061927608638d16ef6f26b87437d41b83bb6276c1691d6c33f55af3d3249d37201793c258b5f1164d08478d3e085867858efed95b8

    • SSDEEP

      98304:VDkwsW29n3+bSgjKFdu9CwJsv6t9Olb/3WVH:VDxd29nQjKFdu9CwJsv6t9OF/3WV

    Score
    1/10
    • Target

      Qt6Core5Compat.dll

    • Size

      813KB

    • MD5

      0a085f46d7a5c380f7e8a06a05b67059

    • SHA1

      60f257947968bfd3e7188af2deae6be3b2763c04

    • SHA256

      118ddedaf4efce693b5d911a1932a8ff588d9afc0d4e89b1e3d7588ebe479934

    • SHA512

      7d5f106d3991770cab17d31852cc93873b1627a53cfc5a5fd84199f79e918cf9225d4de82951dc82801908f7be155fdfd0a8d1010b7150b280a500e426e74dde

    • SSDEEP

      12288:7sTHRVkwi3HJwsEDyqOwlXgPGE/4717VKIABDPzHkSFGGofY4fAvLrpHD:mxVkwiXTED94G7VUDPTOJferJD

    Score
    1/10
    • Target

      Qt6Gui.dll

    • Size

      7.7MB

    • MD5

      bc1ad6ca77aaf01abac6b55fe9cff1d4

    • SHA1

      513f8a42fa3a3b59362fba4c1e36e971eeb1f15a

    • SHA256

      db96fed71863e707c5f97cfdbd33a772340fcee3e741a169b01aac3abc47753c

    • SHA512

      6c464d3838c3eec5c4e407115c9c5b2211919cd04909698b4ca7a02f8e9417271592f8d51617ca68337660c7af66e6e6975a738e812de0f790da8149066c569e

    • SSDEEP

      49152:Namaceaf9aP9uwwGgyjk/uJRChJRJgsy1vHW1wKJpo4i8uMDG5+m58yFcleGwi9W:Fwwly6hJLy1vwpoCncYsLO3Zq2ckzJ6

    Score
    1/10
    • Target

      Qt6Multimedia.dll

    • Size

      748KB

    • MD5

      18231556c7f9ae2d1902a609136904b2

    • SHA1

      a0caef05fa65d250a9686daec0e2474a1fe67ba3

    • SHA256

      1dab6bc320815cde16a3e8ebd590041512baab01a51b351870c8f38cc1e0b553

    • SHA512

      ac9a5e2edae2dd7fd9e2819364964fd24c95ec0bb32d16d534a42e1e54dd3e9a641756a441a22041075aab11ebe1086110238d09a4ceb3343c213012b06a3aef

    • SSDEEP

      12288:gGt1Y0c3r9gviiFct9iuApf6rAxX5i0yp:gGPHc3r9gvikct9C5Typ

    Score
    1/10
    • Target

      Qt6Network.dll

    • Size

      1.3MB

    • MD5

      3d0bd9c56934ce6861cda4570d835305

    • SHA1

      9b4201ec9bdd6deda8f339b8eeedabd9e4012320

    • SHA256

      696460f26fc3c9fb69572685964561d89adbd8a3f28b8d1790241f99fecc5254

    • SHA512

      7f35dbfd22433142f9871f86f1898dfcfb1775afd416d408ce0b74e7d98a16200f0dcc61eaa7fb0ff7684c12ae6914c5d55d1bf0aa52d1171bddb0a0c31c113d

    • SSDEEP

      24576:Ll5NRPoIzKWasEM9okn0WvvD+ffc1yR4Tei:LzkUKtsrx77U43

    Score
    1/10
    • Target

      Qt6PrintSupport.dll

    • Size

      383KB

    • MD5

      82ff7379efb71d233a4580dce5ee382d

    • SHA1

      3e0afb30530cc1fffd47153053de164616063095

    • SHA256

      1855239c1563db62dae5506e3ded0be844712e1b081d423b2e0299cff9bf457d

    • SHA512

      e98ee947f35a9ab3913cfe299d801987cd5ca2d32dcc0ae5dc85f60d9e7cade490b739e39591f31c2a18da5e110aea0b0825cd4056b00adc63086e3daad85281

    • SSDEEP

      6144:OUZ5OFp+gAa06dubwzIvpDsT5A2Bqa5sGp4sxvNs9DfpTb3+qRitlj0RwQLyk3OY:OwOFQK06d4wzopEs6C

    Score
    1/10
    • Target

      Qt6Svg.dll

    • Size

      355KB

    • MD5

      357685141098f498fb374bca365fe751

    • SHA1

      86850065257959ab07b083748736beea0399a6b4

    • SHA256

      8b8c4c58f6056c9325b05047eba07dd9293d6fb29a376eb6ad30f1e6477af668

    • SHA512

      8834518ec294bc4ee72ebbc7a49db07bafe0421ff4f67ca85aedadd05c7fd8c67a07ef22879efd9be3e9864a8a93f46031b4fde52437fc21a5ab5c1445fb8108

    • SSDEEP

      6144:PC6FC49+ZwIK9wZrQ4uEaf4XPCfLfBAF73J10+KxBz2QSOhpSgA:7AZswZsJScCkh3A

    Score
    1/10
    • Target

      Qt6Widgets.dll

    • Size

      5.7MB

    • MD5

      34ee65dbba76d89a4cbab5235d488d74

    • SHA1

      e8548c6d501ab4c6ceeb0d5d4ec009fded7d598d

    • SHA256

      ded2ab6d145fa1a68cd546d45b7ce289461c83bfcfd9302bccb68c4651314c20

    • SHA512

      f2e657775c949f10043f3ac34e1fbc9b1c0ccb0894fa96f22365d3a68a0d4ee30b69a6a820410cdd5544f1e31f8bf46d355931c039e480a1e8afbeb784d37521

    • SSDEEP

      98304:yTrj+BuRRXjDWPh6YPQE/SmC5ofj3BIkKBf:+j+BuRRTDWPcYPQE/SHor3cx

    Score
    1/10
    • Target

      USBPcapSetup-1.5.4.0.exe

    • Size

      190KB

    • MD5

      93c9b5098b1d42c53c7bdd68fe9cd6cf

    • SHA1

      ccfb1497abed432844ad972dea65853dd0e7cba1

    • SHA256

      87a7edf9bbbcf07b5f4373d9a192a6770d2ff3add7aa1e276e82e38582ccb622

    • SHA512

      dc6b84d0784ae36941615565ff21e8634bf36e3efdaff598d470035157a2f148cd1f10031504476f821cd0ce0180c61ee9fe6a7bd0beb3721c4b1c738f61fef1

    • SSDEEP

      3072:PQZmPYFFiorvcQNpDjrc5nMDi93g6HC+0vaiFxMv6mwSARrwPKVvbygEXoHApLG6:PQLFhJXrcVMDcgoCtswShkTAoRA9

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Target

      $PLUGINSDIR/SysRestore.dll

    • Size

      5KB

    • MD5

      c1e07f0ea14ebf4142176d340ed421f3

    • SHA1

      f3524213ebbb53b4ce9ae1a1172897d4438445ed

    • SHA256

      9176c65e37d931edeeb51f9deb1ab9b5ac2d1c6311ad85339bb79f0f2840b2a9

    • SHA512

      3e69f403bdd041ce9da91307659645f44a760360e69e986c1740b04be0dd66bfa017ce8783f9f4f81d545eb43eb68df09c90c8391c2a417cf611064dba5453a6

    • SSDEEP

      48:KSOluw74Rqzy+uMD2CWoI7Npom7QEDQY/6232uK6hmX3//fTQvSl5B0KQg8mmad8:Glu03/Dwz53dKNEv05B030neZV36s

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      0063d48afe5a0cdc02833145667b6641

    • SHA1

      e7eb614805d183ecb1127c62decb1a6be1b4f7a8

    • SHA256

      ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7

    • SHA512

      71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0

    • SSDEEP

      192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4

    Score
    3/10
    • Target

      USBPcap.sys

    • Size

      51KB

    • MD5

      01304fc31498030c789e80910a356e6b

    • SHA1

      8a8da048c75a6a587b7636ade603cc611b3c4833

    • SHA256

      f340a8cf2f127be2e6b558586b76b51ba5e8c58c462a8d9eecc1955771cb2974

    • SHA512

      48921040e1108478f5bc5969ede09c9fdc1cb76df05cee47fd97502343e2975b0e161607596eaf6e384586e006da4820adbd65937d65d51e14fb9bdcb4d4c7fd

    • SSDEEP

      768:Fv9neO3gPvnCORE+KvWt74cTuzWoYKpuYuYZFb2aL3hP0p33b0gj:inbtYUYfb283hP0tI

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

discovery
Score
4/10

behavioral2

discovery, evasion
Score
9/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

discovery
Score
4/10

behavioral26

discovery, persistence
Score
8/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

Score
1/10

behavioral32

Score
1/10