acbf56c935ee70f6ed11eb6dbc790a030bab97f69f2166a74df0a4bd709fa2e0 | Triage

Sharing

General

Target

freedomgpt-1.1.2.Setup.exe
Size

94.8MB
Sample

230502-zqqdwace52
MD5

d5a4206a94a54ef822c7fb919f50df81
SHA1

e1ec3f08578b2f8e342fdb4527194fb115a44acc
SHA256

acbf56c935ee70f6ed11eb6dbc790a030bab97f69f2166a74df0a4bd709fa2e0
SHA512

bc2c48258af79bf5d9b97dd0a35d7deb8d03a64a4174614a06860948ae4bc48ccb3cfd14e8a342b31d6484ba87c4c03c450cfd1916dd9f3f5e6d858946e316c5
SSDEEP

1572864:cSpvrBAu74kSOkPFYmRw+N61uKtWYNvRz4G1Q+NzYY2qYtc391NCHnF1FLTcPrq1:/bAuMOkdYvptjhZ4eQ+Nb2qYtc39jCHL

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  freedomgpt-1.1.2.Setup.exe
- Size
  
  94.8MB
- MD5
  
  d5a4206a94a54ef822c7fb919f50df81
- SHA1
  
  e1ec3f08578b2f8e342fdb4527194fb115a44acc
- SHA256
  
  acbf56c935ee70f6ed11eb6dbc790a030bab97f69f2166a74df0a4bd709fa2e0
- SHA512
  
  bc2c48258af79bf5d9b97dd0a35d7deb8d03a64a4174614a06860948ae4bc48ccb3cfd14e8a342b31d6484ba87c4c03c450cfd1916dd9f3f5e6d858946e316c5
- SSDEEP
  
  1572864:cSpvrBAu74kSOkPFYmRw+N61uKtWYNvRz4G1Q+NzYY2qYtc391NCHnF1FLTcPrq1:/bAuMOkdYvptjhZ4eQ+Nb2qYtc39jCHL
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2