Overview

Sandbox tasks and scores (names abbreviated as in the report's task list; full sample names are given under "Behavioral tasks" below):

Task                         Score   Platform
Overview                     10/10   -
Static                       10/10   -
virus/Froz...ED.exe          10/10   windows10-ltsc 2021-x64
virus/Wire...64.exe          9/10    windows10-ltsc 2021-x64
$PLUGINSDI...ns.dll          3/10    windows10-ltsc 2021-x64
$PLUGINSDI...em.dll          3/10    windows10-ltsc 2021-x64
Qt6Gui.dll                   1/10    windows10-ltsc 2021-x64
Qt6Network.dll               1/10    windows10-ltsc 2021-x64
Qt6Svg.dll                   1/10    windows10-ltsc 2021-x64
USBPcapSet....0.exe          8/10    windows10-ltsc 2021-x64
WinSparkle.dll               1/10    windows10-ltsc 2021-x64
Wireshark.exe                3/10    windows10-ltsc 2021-x64
brotlicommon.dll             1/10    windows10-ltsc 2021-x64
bz2.dll                      1/10    windows10-ltsc 2021-x64
charset-1.dll                1/10    windows10-ltsc 2021-x64
comerr64.dll                 1/10    windows10-ltsc 2021-x64
d3dcompiler_47.dll           1/10    windows10-ltsc 2021-x64
snappy.dll                   1/10    windows10-ltsc 2021-x64
snmp/mibs/...IB.vbs          1/10    windows10-ltsc 2021-x64
snmp/mibs/...IB.vbs          1/10    windows10-ltsc 2021-x64
snmp/mibs/...IB.vbs          1/10    windows10-ltsc 2021-x64
snmp/mibs/...IB.vbs          1/10    windows10-ltsc 2021-x64
styles/qwi...le.dll          1/10    windows10-ltsc 2021-x64
tls/qcerto...nd.dll          1/10    windows10-ltsc 2021-x64
tls/qopens...nd.dll          1/10    windows10-ltsc 2021-x64
tls/qschan...nd.dll          1/10    windows10-ltsc 2021-x64
tshark.exe                   1/10    windows10-ltsc 2021-x64
tshark.html                  4/10    windows10-ltsc 2021-x64
vc_redist.x64.exe            7/10    windows10-ltsc 2021-x64
wireshark-filter.html        4/10    windows10-ltsc 2021-x64
wireshark.html               4/10    windows10-ltsc 2021-x64
zlib-ng2.dll                 1/10    windows10-ltsc 2021-x64
zlib1.dll                    1/10    windows10-ltsc 2021-x64
zstd.dll                     1/10    windows10-ltsc 2021-x64

General

Target: virus.zip
Size: 127.8MB
Sample: 241211-temwqatpfk
MD5: 0367250f843e110cb170ce9486227aba
SHA1: 3136aa5c200c5eda477d948eb3b1ee390084cfc6
SHA256: 8a19e614599148c986d418b262b9c83cf90f791e5dee17ac538e0e05eb595064
SHA512: 84a3b6252fee96bece3be53c56296837f9c366a8e0f31edd97a18b52c8048dd2bb81f2c6c10c210445e812447dda1d7977a3becf56c82fa5a08a05875ef1179b
SSDEEP: 3145728:O94ybaR4MnaJhpjTzZtffCdTXVfHPtQiPpunlQ2:O93uieaJTZ1ahXVfvtQm12
Behavioral tasks (all run on resource win10ltsc2021-20241023-en)

Task           Sample
behavioral1    virus/FrozenPerm_CRACKED.exe
behavioral2    virus/Wireshark-4.4.2-x64.exe
behavioral3    $PLUGINSDIR/InstallOptions.dll
behavioral4    $PLUGINSDIR/System.dll
behavioral5    Qt6Gui.dll
behavioral6    Qt6Network.dll
behavioral7    Qt6Svg.dll
behavioral8    USBPcapSetup-1.5.4.0.exe
behavioral9    WinSparkle.dll
behavioral10   Wireshark.exe
behavioral11   brotlicommon.dll
behavioral12   bz2.dll
behavioral13   charset-1.dll
behavioral14   comerr64.dll
behavioral15   d3dcompiler_47.dll
behavioral16   snappy.dll
behavioral17   snmp/mibs/AGGREGATE-MIB.vbs
behavioral18   snmp/mibs/DISMAN-EVENT-MIB.vbs
behavioral19   snmp/mibs/DISMAN-EXPRESSION-MIB.vbs
behavioral20   snmp/mibs/FRAME-RELAY-DTE-MIB.vbs
behavioral21   styles/qwindowsvistastyle.dll
behavioral22   tls/qcertonlybackend.dll
behavioral23   tls/qopensslbackend.dll
behavioral24   tls/qschannelbackend.dll
behavioral25   tshark.exe
behavioral26   tshark.html
behavioral27   vc_redist.x64.exe
behavioral28   wireshark-filter.html
behavioral29   wireshark.html
behavioral30   zlib-ng2.dll
behavioral31   zlib1.dll
behavioral32   zstd.dll
Malware Config

Targets

Target: virus/FrozenPerm_CRACKED.exe
Size: 64.8MB
MD5: 26500f10c8ceeae8d462d6a3086ab5d3
SHA1: 5a61e0551ff00378c3d633170b67403e50a9d425
SHA256: a8c756a4059a6be18b3a44802403fd388d938ab33677e1a6032d1c6c7741ac0b
SHA512: b1198bd575726753782e85334a1250a1fce770cad303941048801a0ac2e70ae680076535faf0c37e19644d561b3b9cc77407c23a358872e7d1c17893eecfcf09
SSDEEP: 786432:BYS6GKaTYIGiYk+KjotgDqanrcHJB5hOq29p2DrhUcVqttPemFt/W:NmijZpgHJnhOdGrKYmFt/W
Score: 10/10 (as listed in the task list above)
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Xmrig family
- Checks for common network interception software: looks in the registry for tools such as Wireshark or Fiddler that are commonly used to analyse network activity.
- XMRig Miner payload
- Drops file in Drivers directory
- Manipulates Digital Signatures: modifies the Authenticode and Cryptography registry keys (SIP and trust-provider settings) so that the attacker's binary is treated as validly signed.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Clipboard Data: adversaries may collect data stored in the clipboard from users copying information within or between applications.
- Executes dropped EXE
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files: steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation: adversaries may obfuscate content during command execution to impede detection.
- Drops file in System32 directory
- Enumerates processes with tasklist
- Suspicious use of SetThreadContext

Target: virus/Wireshark-4.4.2-x64.exe
Size: 83.2MB
MD5: 5753792c3617a96786bf3df591ffafdf
SHA1: 20a4304ff7153e38f07121a76a59f442b369cd42
SHA256: 69a7f6e94e3744422efbb83528d42dd3ee19c12e253db040c33b75453152dce2
SHA512: 68d3504b7c561bd9909ecf593b88fb5faf44951a50dc18dc5926241a5502201ee3a5111a2ce018871bdb0cc24f25d7c8057faf5b98e005a067a057b35d2188b3
SSDEEP: 1572864:JEgr3yLzlPfF5kO8l0/z75q5V9STIO1xOi3QOExUmdeiS3Gl1dN2Ohge1n+pB:JJ3WQPC7g0LOHl/LnrdNpbOB
Score: 9/10
Signatures:
- Checks for common network interception software: looks in the registry for tools such as Wireshark or Fiddler that are commonly used to analyse network activity.
- Drops file in Drivers directory
- Manipulates Digital Signatures: modifies the Authenticode and Cryptography registry keys (SIP and trust-provider settings) so that the attacker's binary is treated as validly signed.
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops file in System32 directory

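The signature descriptions in the two blocks above say what each check looks for: Uninstall entries for Wireshark or Fiddler, the country code under Geo\Nation, Run keys, the Authenticode SIP and trust-provider keys, the drivers directory, wallet files. The Python below is an added example, not part of the report and not the sandbox's own rule set; it maps Procmon/Sysmon-style (operation, path) events onto the report's signature names. The path patterns, the wallet locations, the process and file names and the sample events are my own constructions, and counting only registry reads as a probe for analysis tools is an assumption I make so that an installer writing its own Uninstall entry does not look like anti-analysis behaviour. One caveat the example makes visible: two of the signatures behind the installer's 9/10 above (driver drop, Run key) are also what the bundled USBPcapSetup-1.5.4.0.exe produces further down, so a per-file score is not by itself evidence that the installer was tampered with; verifying its hashes against the ones the Wireshark project publishes is the check worth running.

```python
"""Map Windows registry/file telemetry onto the sandbox signature names used in this report.

Added example: the signature names are the ones printed in the report; the path
patterns, the read/write split and the sample events are my own constructions and
are not the sandbox's rules.  Events are (operation, path) pairs in the style of a
Procmon or Sysmon export.
"""
from __future__ import annotations

import re
from typing import Iterable

# Registry reads are kept apart from writes: a process that *queries* Uninstall
# entries for Wireshark/Fiddler is probing for analysis tools, whereas a process
# that *writes* its own Uninstall entry is just an installer registering itself.
REG_READ = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}
REG_WRITE = {"RegCreateKey", "RegSetValue"}
FILE_WRITE = {"CreateFile", "WriteFile"}

# (signature name from the report, operations that count, path pattern).
RULES: list[tuple[str, set[str], re.Pattern[str]]] = [
    ("Checks for common network interception software", REG_READ,
     re.compile(r"\\CurrentVersion\\Uninstall\\[^\\]*(wireshark|fiddler)", re.I)),
    ("Checks installed software on the system", REG_READ,
     re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Checks computer location settings", REG_READ,
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Adds Run key to start application", REG_WRITE,
     re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
    # SIP / trust-provider hijack (ATT&CK T1553.003): the DLL that verifies a PE's
    # Authenticode hash, or the final trust policy, is redirected through these keys.
    ("Manipulates Digital Signatures", REG_WRITE,
     re.compile(r"\\Microsoft\\Cryptography\\(OID\\EncodingType \d+\\CryptSIPDll\w+"
                r"|Providers\\Trust\\)", re.I)),
    ("Drops file in Drivers directory", FILE_WRITE,
     re.compile(r"^[a-z]:\\Windows\\System32\\drivers\\", re.I)),
    ("Drops file in System32 directory", FILE_WRITE,
     re.compile(r"^[a-z]:\\Windows\\System32\\(?!drivers\\)", re.I)),
    # Wallet locations are illustrative (assumed), not the sandbox's list.
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     REG_READ | FILE_WRITE,
     re.compile(r"(\\Electrum\\wallets\\|\\Exodus\\|\\Ethereum\\keystore\\|\\wallet\.dat$)", re.I)),
]


def classify(events: Iterable[tuple[str, str]]) -> dict[str, list[str]]:
    """Return {signature name: [paths that triggered it]} for (operation, path) events."""
    hits: dict[str, list[str]] = {}
    for op, path in events:
        for name, ops, pattern in RULES:
            if op in ops and pattern.search(path):
                hits.setdefault(name, []).append(path)
    return hits


# Constructed sample: a miner-like process probing the host, plus one event from an
# installer writing its own Uninstall entry (which must not count as anti-analysis).
SAMPLE_EVENTS = [
    ("RegOpenKey",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark"),
    ("RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fiddler 5\DisplayName"),
    ("RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    ("RegSetValue",   r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SystemUpdater"),
    ("RegSetValue",   r"HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0"
                      r"\CryptSIPDllVerifyIndirectData\{C689AAB8-8E78-11D0-8C47-00C04FC295EE}\Dll"),
    ("WriteFile",     r"C:\Windows\System32\drivers\USBPcap.sys"),
    ("WriteFile",     r"C:\Windows\System32\svc_helper.dll"),
    ("CreateFile",    r"C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet"),
    ("RegSetValue",   r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark\DisplayName"),
]

if __name__ == "__main__":
    for name, paths in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {len(paths)} event(s)")
```

Run as a script it prints the per-signature counts for the constructed sample. `classify` has no state, so an actual Procmon or Sysmon export can be fed through it line by line once the operation names are normalised to the ones in REG_READ, REG_WRITE and FILE_WRITE; the last sample event shows the read/write split doing its job, since a write to an application's own Uninstall key fires neither the anti-analysis nor the software-discovery signature.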
Target: $PLUGINSDIR/InstallOptions.dll
Size: 15KB
MD5: d095b082b7c5ba4665d40d9c5042af6d
SHA1: 2220277304af105ca6c56219f56f04e894b28d27
SHA256: b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
SHA512: 61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
SSDEEP: 192:EyGQtZkTktEQUrJaZfuyCnSmUsv3sY7L7cW8Y6Q86QvoTr11929WtshLAzgSrX8:EyNt+4t7uJalUnGesY7Lt8nCr/Yosa
Score: 3/10
Signatures: none

Target: $PLUGINSDIR/System.dll
Size: 12KB
MD5: 4add245d4ba34b04f213409bfe504c07
SHA1: ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA256: 9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA512: 1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
SSDEEP: 192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score: 3/10
Signatures: none

Target: Qt6Gui.dll
Size: 7.7MB
MD5: dc0e346ff97220aa334af1c8a9b8d8ce
SHA1: 2be851c6d3821c774c83f13eaa37865c42f6ccb8
SHA256: c170b7985cf33960feb2a743f29e3530dcfa6dd6b0d2947f9076aa71daedc2ba
SHA512: 92ff185b94251d1e82a119ff2bedc603aa52bc83b536f44a1cc599b4a803affa14cd75d452b9969123a61d18b9b311e6e764933f43fff95e4dd691fff4b6dc99
SSDEEP: 49152:8amaceaf9aP9uwwGgyjk/uJRChJRJgsy1vHW1wKJpo4i8uMDG5+m58yFcleGwi9F:Kwwly6hJLy1vwpoCncYsLO3Zq2ckzJZ
Score: 1/10
Signatures: none

Target: Qt6Network.dll
Size: 1.3MB
MD5: 390f0f061d9fef60b860f8d410c3499b
SHA1: d3df07e02af37f4d5c91261900013cbafe643dfb
SHA256: a0212170b3b6732a5006dfe8ddafcdc476773ff6c5389520df95899c6714ec5b
SHA512: 70256d8a0f0165312cd1c4434b39e530c3154cf5ca756c708025ab7207122fe026ec33f9d4bb38d60ab180ca0f89d2a8c51ba45fca1ea4268a56184d2d23873e
SSDEEP: 24576:Vl5NRPoIzKWasEM9okn0WvvD+ffc1yR4Trs:VzkUKtsrx77U4c
Score: 1/10
Signatures: none

Target: Qt6Svg.dll
Size: 355KB
MD5: 8cd86c9174f9ecbf3dd724b63814e7bb
SHA1: bb3d449ce214117a450807d21cfdec91a7006e3c
SHA256: 8508a0309bbb2cb422e104bd9c6ed0b16b11dd6bb5c9277bf2efcf18745d68f5
SHA512: 2223049b07c67bd8b22d6c147c432280c79e5cd5e6391952cf9fcd9e3092f6b36ea98cedc5f2cc006d863489a93f101422bf07da372919a075081b6679f25dc2
SSDEEP: 6144:dC6FC49+ZwIK9wZrQ4uEaf4XPCfLfBAF73J10+KxBz2QSOhpSgq:lAZswZsJScCkh3q
Score: 1/10
Signatures: none

Target: USBPcapSetup-1.5.4.0.exe
Size: 190KB
MD5: 93c9b5098b1d42c53c7bdd68fe9cd6cf
SHA1: ccfb1497abed432844ad972dea65853dd0e7cba1
SHA256: 87a7edf9bbbcf07b5f4373d9a192a6770d2ff3add7aa1e276e82e38582ccb622
SHA512: dc6b84d0784ae36941615565ff21e8634bf36e3efdaff598d470035157a2f148cd1f10031504476f821cd0ce0180c61ee9fe6a7bd0beb3721c4b1c738f61fef1
SSDEEP: 3072:PQZmPYFFiorvcQNpDjrc5nMDi93g6HC+0vaiFxMv6mwSARrwPKVvbygEXoHApLG6:PQLFhJXrcVMDcgoCtswShkTAoRA9
Score: 8/10
Signatures:
- Drops file in Drivers directory
- Adds Run key to start application

Target: WinSparkle.dll
Size: 2.3MB
MD5: 22b50ea2cc218122d5045e44dfc56146
SHA1: 5b8f505770546bdd7e0f9bf038801dcd3059632f
SHA256: ec00ca430c363dc08dc937e729be7fc71f2c1b91c63a11d97cbb9c15e7b9e0b1
SHA512: 624ead313209ccf719902ddbe760dd4ceb301dca352a7ced1e8fb0bccde09630f98ff8c0b8179d95286f200142a9612527bdbd0c46c659938c98d86e0a302602
SSDEEP: 49152:yFrJVyRDJBNHBlVQNZLjOlBxj8uoGGH+63:yIflWk8uoGGHX3
Score: 1/10
Signatures: none

Target: Wireshark.exe
Size: 9.6MB
MD5: a6e536a1bfda8f0c8e8e5b1d79ea7845
SHA1: dd92b8145a85d8c73b3aefb8f8dc9b30c924b162
SHA256: 0c6e98e7449f34467d0287baddee200be141828bc047cf78ced82459d7a5bf3e
SHA512: 37b02444f59efdea8db93ea250865ad32257bd9dc781d918be4083d5be4a4bac990b1ef9b935e0157a87a1043ee89a0ccf5827d1e8606dc5ea55fd5128a5d58e
SSDEEP: 196608:2n1KwIBQG4P/JAVRCjjCkjGQ5BbU5UjLwM35MzLRBG:2n1KwI7o/JUCjjCkjH5dU5lPRM
Score: 3/10
Signatures: none

Target: brotlicommon.dll
Size: 145KB
MD5: 27a57a4f729a32cfbc022101abee7b13
SHA1: b45f2d7cab21afe84a63b8622b4b15eb5e7dbd66
SHA256: e01a2231218f4f86b4be7ffc59426ea4aba06933d52391e288fae1922954ee9e
SHA512: 9a5b9c51526032f6a4fb571d702391afe3c7efbd62978d6d07b9dad90846b14f31716eacaab68bffb83892180488466df17c974df71d2fcdd52a4ca35814e54f
SSDEEP: 3072:8z4lzbWhNbNL8DXGvVh73pbi0tdpvGJaoZB7PxB6wFgCC:U4AhdNorGvHdbi09GJYwFgD
Score: 1/10
Signatures: none

Target: bz2.dll
Size: 84KB
MD5: 3843d7c9b73a51e7fd1a705f63ec1b81
SHA1: e93e3dc4d5bfdabb56bba58266c5de9acdfb16fa
SHA256: 5fb74ab4708aa86500f50829dd486c8f0fca32d3fcffce4f254a676a487f7981
SHA512: 874a9b022a8686e18ec2278e1c02fcd44a110b141e7df9229b0298a0970fd4427f4a795df4c9ab81f01eecb6f9b84cbd9d09f0d293172e13961f6db6034401a3
SSDEEP: 1536:VEffjEkCmKvsNuVJOSi63icaDNg8kFPKdELCE8QCOVgj6:UucubGvcaJgrPKdELCXQfgO
Score: 1/10
Signatures: none

Target: charset-1.dll
Size: 22KB
MD5: 9b8e6332650699f06ca0bc0343293479
SHA1: 58761e134cbbda32ce3a20c58a085826fcb70f40
SHA256: ea3191e3fec618a5b7601880122a4dbe5be1315fcd3a75f95d7e60d036a9949d
SHA512: defa453cafe112cc96d21d89283b8f76fa1c57e2fa2ac3cf7c6c75c2045103ec923e324433be0d2a3c4c6b679f90589421d3c57b55023e1f2375c623ad5bb2ca
SSDEEP: 384:n+ztciVY5LQ/pSpwKNsgxTM9KSJIVE8E9VF0Nyuisv/:+rG5LUHgx82Ei/
Score: 1/10
Signatures: none

Target: comerr64.dll
Size: 26KB
MD5: 85bdb624ab650235defc956221c625b7
SHA1: 01caf52e73ebc52829fd2644a63038f8fc824615
SHA256: b2d940aa1d12b8da7ae342243b7f6d7db6aa51cc7be0b891368845bc6113d1b0
SHA512: 67708568fc0ea9b8fd7c41f726814af6d7955e1a88e557df94b9070bb0549eaad5faf5d05f6f2e2e888eca226c36c480237be6c304133cbe1fe141cbce8e7cf2
SSDEEP: 384:08dzT3pxkI5fot8Gvb5H8gxLPPL78/Pf2pwKNsgxsBGSJIVE8E9VF0NyTT:LdneVx3xDU/3TgxYf2EJ
Score: 1/10
Signatures: none

Target: d3dcompiler_47.dll
Size: 4.7MB
MD5: 682eaada82b934090af0bcd595aad75e
SHA1: e68e5e8a4b6c4989f3aa029eb695b7a1087fa684
SHA256: 649bae9058fa157b39565b56bd6ed9b3d5bb92cdfecac7ee50c7f2cf501d0f3f
SHA512: d07db0958acd6762f47b2fcac94468aa1c1dfb0970f88ee4d0efbab2d22e52106be906108710fcb490d4b99c420e7f30e32d0c8cc96a28d994ac5efa0fc15311
SSDEEP: 49152:iCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvpiD0N+YEzI4og/RfzHLeHTRhFRN2:ZG2QCwmHXnog/pzHAo/A2n
Score: 1/10
Signatures: none

Target: snappy.dll
Size: 85KB
MD5: 5dad5058d82ba96c5ee6cf4e01b69b47
SHA1: 9b24d94e97afdea19d18353e58a85d58cadde1d2
SHA256: cc5dceeb72651053f48cf40ab57eb4da715d1197571ec5fefc04ce34bd68d05a
SHA512: a3de5920443c730d4156ce1cbdef712002fdb8aea7fafdb13c1dadcf220ab47f121a06fd3fb81c17deda26d264444b221ad9a56e6f868b4a2f6c42a71c644cae
SSDEEP: 1536:i0a/k4kDs7WSMazGK9K5Urk0iUEHohdvX7y66f+MgTF:3AEha0f+Mgp
Score: 1/10
Signatures: none

Target: snmp/mibs/AGGREGATE-MIB
Size: 16KB
MD5: a24562547ba795c96dec25f7b08217b7
SHA1: 33c7217f1f5fd3263b17aa167b49d9470b26115f
SHA256: 6f34f057e82fb6874cf5d93d5f0ffde765e77e706a7eb80d37ae76fd58df803f
SHA512: fe2ce35a70f1fbe6c6580f95524e37a5ef00aad4c68fae209589fe43416e0587b0e463554bd93c3ef92e55435ebba39f6066a0d9186405715691b834e436451b
SSDEEP: 192:/qfAWLdaE4RJuH4stgGRq0XQgrDfsu29Wev/grabpsW++XUO9Go6j:/qfAWCUXgGRDgaf+8ev//VqhO0x
Score: 1/10
Signatures: none

Target: snmp/mibs/DISMAN-EVENT-MIB
Size: 66KB
MD5: 6c7bf2eb8aef70b616ed89424e908e6f
SHA1: a50ed173ee70103641a804b160a3f8da2d50e0e4
SHA256: 095bf95ad1000b3e97f2eb605f980c58ef1c9881e8be01047ade616b09073365
SHA512: efc75599aca2a12473c2a948627cc51b48eb8e55c5595528b1fd4b19e02042f6c6a82ae5c3b8adfc881d268291b9991890d8cf1007e15ed935a019612573e6d4
SSDEEP: 768:U+nF3As7M/xAoiZovDouCwcmTtojoBUuo4TUy:UEVA/nD3o4TUy
Score: 1/10
Signatures: none

Target: snmp/mibs/DISMAN-EXPRESSION-MIB
Size: 41KB
MD5: 362689166c52ae7fcea208ab537dc442
SHA1: 84f0489a6ce458e87c7477ce1ed56b74405a0d76
SHA256: 4c379e2b6acec5f523aa70c1c7b5a8d6cc5688daff06d7385f34357bcc96d751
SHA512: 1ff08451b45e0cd5943bae4fae5b6601fbc0cb346c0c6f11411096a5d511b5af317605cdd0baee9816af23f1ed7b5c4fbdc06c98c096ade4ba4b8405ab2297e2
SSDEEP: 768:IUji4lYvGXAprQOgBZD9hH4GuPqeKReUZFWHpRK+FMba12j6Pr:IL4wGXAiOgBZDz5heKhZopRK+eba12j4
Score: 1/10
Signatures: none

Target: snmp/mibs/FRAME-RELAY-DTE-MIB
Size: 32KB
MD5: 7aa196b72b4161c6ff37dfa752e089aa
SHA1: b0a1125d499c5070a4980e527adfce76da6dc169
SHA256: 7df9f822131b2bce72072e62b47d99a69fd7f844be295e49882e7247012fb9e4
SHA512: c91799625e42eec9cf86814ce5901ce33b6ffc7e5c2f6671c81b4446484d4170f076706901fe9bef23d0dcd70c4261312f19a52d2c1f314b94ff7cb4d815b902
SSDEEP: 384:T8zrqLq3HFK+JCgvZw1xttp/ZwfF9fiU9qjlluf:TEkIKOCAw1xbKvlcjKf
Score: 1/10
Signatures: none

Target: styles/qwindowsvistastyle.dll
Size: 138KB
MD5: 18960af5ccff27b730eb0d5ed49e8154
SHA1: ee9e4feb82933e77e53b01ae5cdcc2b667eef32e
SHA256: 4a82a4e1dcc636f40bdd098e7f9456cf83dc39db64b88366c6d43f024539b35d
SHA512: 1070449c9125abfbb0ff993d89d84a31ecf806495015ddf768375a98d70339da70019491bc4ffcecf1f51a2c30434bdc24ca92b57574fc9a454f13c917a498b2
SSDEEP: 3072:acKd1HYMSZAcTrvt4www2OmPBxshbge20NMyKsbyrUmVst7sVpgkNk:acKdGCcTJpXhf20NVKsOrUmVstKgAk
Score: 1/10
Signatures: none

Target: tls/qcertonlybackend.dll
Size: 95KB
MD5: 173417f2bc69a3df7ec7f836dc3e1c56
SHA1: 0be68d947013c066069402cce34be35236b88b51
SHA256: 2b6e3ef7e1b95f346baf553c6ee963344bd3b96982610fbcc65c18f4f020c08a
SHA512: cb314e2af90ee1802bdfbd3ccbdfd5860e068f11b3f5c7fc81c15396d0f93f510693bc5256eb7cad5213fc573769ff3a82bfbc065ca19e87e07330d2da475ca2
SSDEEP: 1536:ElXjWRvE58Cy2DoYLaCu1V266s+MwWXFnvXx08rT9hI/TU8gYQPs:EtC25v6bKM5FnvSIhI/TU8g/E
Score: 1/10
Signatures: none

Target: tls/qopensslbackend.dll
Size: 297KB
MD5: 4f6a0864ae9adbb765294eef8631006e
SHA1: ebb05db00b970b9ae249e818cf5939114f2b316d
SHA256: 7b6dd591609d56b94cc6e12ebc21dec8111973836eb1e5870cbef193ab5c8179
SHA512: 65f890f211eeb4d02f13248eef2169e8d80e98edcca6a985f1656b80500bcf1b2d3fb42be395019358e988adbf9a2814efc4cc95f0c4f1210b5f49425fd030cf
SSDEEP: 3072:zuhWIJop9PbsCpoBfdWvtYt/DbxqMRMLqDZMVT8PX5bu5hJrze6N8UU28Ik+cDEE:0Obsdcvk/fxqSgqOo5KZr66xT8Iu44gI
Score: 1/10
Signatures: none

Target: tls/qschannelbackend.dll
Size: 212KB
MD5: 1162da012abd78eb60dab47e180e5709
SHA1: f1df351a0fb8e77e980cc49494011ec9f8de591e
SHA256: 0899209073cf2e498bd0047c8599a99fc76c0f3b16d83d78e04d96932080ad17
SHA512: 76f858d9efff9db5aca688ac5d200932f68d96d702f05e6cc4746a027bd949305b3a5485f9bdebb604d3fabe8900f1c4ca45b0fd77b8f5acb098489732994832
SSDEEP: 3072:uzULkZWS3lsIY4TuAYS8npM3TnHSdSmtebGPc39rpri0hZ1NL8sZDJxfKkgM:uYapIZM3TnHAmHrdNZDJxxgM
Score: 1/10
Signatures: none

Target: tshark.exe
Size: 592KB
MD5: 2ea08963d7c33cfd032ac38a5106e031
SHA1: 9b82dc9392024da18ba7e8833063ac1fbfd85373
SHA256: c711d53933f2cb330fa29fd7e3fbb2b3c7495e289d1145ac3568440ac857335d
SHA512: 45c80108fc25912ef192cfb83d6c0ff60b4ed97184db69deb376c6d7014f5d39cf1dcde23c3096ea3748436e3def362a1c49995826dd6791b031e53f79aa263b
SSDEEP: 12288:GubLQqrR8vTbWIVz421upKOlnf/jkBCiwtmBjFP9ld:hXQqrRkXzCpKOxf/jkBy0Bbd
Score: 1/10
Signatures: none

Target: tshark.html
Size: 170KB
MD5: b5e344abcdf0677575e8be2606dd2fc3
SHA1: 3d5efe0b6ccfb468ce2d0422488f26a798a64c2e
SHA256: b3d26fed35b6396a88df15ebddb4d734c80f71c85ccb27ff15972c1db50ba05a
SHA512: 676ebebaa091f60f1c0f910878d5a2ac04c032aa416f80637d6fcc2537a48af78b1775acde4875542737178e199b25537c0927781adc0656dbb09bfbe8a8cc9c
SSDEEP: 1536:8qrDFUCzqjDytjei8hec3Ac6aZBGn75Lihffs+uxNQ9idHWML2eg21IIx1+hQYKE:fFnBINAPk3g1l6c5cxbEOIs8l6
Score: 4/10
Signatures: none

Target: vc_redist.x64.exe
Size: 24.3MB
MD5: 689d09bce45c75db883db7e78b6f4e9b
SHA1: ba92a00f0f55dcae85c1bbd098efe606bd080b3c
SHA256: 814e9da5ec5e5d6a8fa701999d1fc3baddf7f3adc528e202590e9b1cb73e4a11
SHA512: 4db5078fdd9eb9ce00a1b6195a67c779a1d3c719de0fbd4729adbdac2d8ca442cf4e0a31aa40d213f29617ec073f1a7e42570dcc2f931eb9534c45f1ec6de253
SSDEEP: 786432:moKpx5hYBug51MMlQi7PZdJXiq1+N76JupzS:Upx56Bu61FZPZdxQcUzS
Score: 7/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

Target: wireshark-filter.html
Size: 40KB
MD5: 645384995a7b92472d037230ca6deba3
SHA1: 69749ffbf8d3944cd9dfef3676f4d6eb176ba502
SHA256: 6a5d0dc67590fb71dca2656bf6a3231567811dc54f25dfd1969978eb8dbba2c1
SHA512: ca0f3d84be3e91a0290eedde4c3b01951eb29d3d63bc4bcbdd2d04b3b5f9d4cc0b934def66eb48ab86beba1ace4c81285d4332e16419e6c71a5b13ca2b234d4a
SSDEEP: 768:iTAC3SIM7p5Pqn5P5IBcNX3DJcTh7KgCndd4nJrRwgK:iTAOSIM7p5uZdOTh7Y+J9C
Score: 4/10
Signatures: none

Target: wireshark.html
Size: 90KB
MD5: b1b577aa72a5ce09e1f55430a5c1d5e5
SHA1: 3e382d61fb495972fe1c6703462fa2fcf11f85c6
SHA256: f240ad9e0bc57b0a9fcea77ce3d97edba3419f796b11d30bbb9928cfaef48a94
SHA512: 0348479682d6d8907d161e8363ec8fbbb5b484b7befde2a1c438d3a72d6cb54fe9d55b4a4e64d557efa3946732c075eaa821164c27b0e47570fa1c65d8fce17d
SSDEEP: 1536:cJ3xciRYuumMQjI3ijGCMHjQgBmR1R1cqgvgx2Z+FJlw5K0erDaH/soJBZ3iEZsJ:BBzQycJ3gQK+1Rc0
Score: 4/10
Signatures: none

Target: zlib-ng2.dll
Size: 141KB
MD5: 98a0411ccef95e43f6d0b1cf8f7fee03
SHA1: 7bf8ef64c53c3febc30e025594831f4946ed9f98
SHA256: a8707289e20817b09d660ff6747443ba268ccb3c38ea6194710dc95a38370ffc
SHA512: 11b26453636042606f8baf108d33301194c6c0a7d30203b55848fff6565133e99701b879af332d40c28f51f0d90df73e36db6c5b861295a60a0a71966018c8e9
SSDEEP: 3072:p2+sAq1ab1FCzfmc6FTd1PHcvPa40/jmOYKfap/wgYC:p28qa/CzfmD1DPHgPa4ojmOYKfapogh
Score: 1/10
Signatures: none

Target: zlib1.dll
Size: 98KB
MD5: 51c05bd6859085855f3d2d6ef29eb237
SHA1: 9765455c5c3b27c761521e0ebc961d4f8d713960
SHA256: f71ff462c590a6530bbc557a1e89c22e2224024c71c80560d0a19a6bd2d84a27
SHA512: 3a66c86460d19745726c3e008121af8e7bd11d762365af0d494051990c6a30715cb78c6569c5f3d4b06e68b89fe467abc55b9cdab7b0674774a8905a450d2189
SSDEEP: 1536:abwDHM2gn1rhkWUpqk0CmJ3lz4bqIOcIOZ8dmkGn6bygdL:a8DH/g1hUpC3Kb4SZ8dmfn6bygB
Score: 1/10
Signatures: none

Target: zstd.dll
Size: 651KB
MD5: 616226acc2772ca42a4e7dd6b3881965
SHA1: 0a9d6f57c3e2c65f678e41d9aab6afcfbb708652
SHA256: c67bd3e7555abbd3c32f9bfa1307f47cb682f6e1045ad5da09e03c3dfa34f6bb
SHA512: 495305f808c554e092134f51d823f6ef22346f8f3991d6ddccb0d39efdd961bdc8faff820e6cfa8736879e19bbc4b3a478e934283bec99189643a0196ddb8eb4
SSDEEP: 12288:PJwehitzeWqU0Kp4RZpAoEyiFssTNVrfLzsyt2RiD:PJ/2ERZpAodi2sTNVrfLzsS2RiD
Score: 1/10
Signatures: none

MITRE ATT&CK Enterprise v15 (technique: number of matching signatures; sub-techniques indented under their parent)

Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1

Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Event Triggered Execution: 1
    Netsh Helper DLL: 1

Defense Evasion
  Hide Artifacts: 1
    Hidden Files and Directories: 1
  Impair Defenses: 1
  Modify Registry: 1
  Obfuscated Files or Information: 1
    Command Obfuscation: 1
  Subvert Trust Controls: 1
    SIP and Trust Provider Hijacking: 1

Credential Access
  Credentials from Password Stores: 1
    Credentials from Web Browsers: 1
  Unsecured Credentials: 3
    Credentials In Files: 3

Discovery
  Browser Information Discovery: 1
  Peripheral Device Discovery: 2
  Process Discovery: 1
  Query Registry: 7
  Software Discovery: 1
  System Information Discovery: 8
  System Location Discovery: 1
    System Language Discovery: 1
  System Network Configuration Discovery: 1
    Wi-Fi Discovery: 1