General

  • Target: freedom-master.zip

  • Size: 1.2MB

  • Sample: 231119-saetwaae32

  • MD5: 0431030eec81a6473d94c2e190d6e1ff

  • SHA1: 7cdb2b75ea001baec11680b6065b4eb71490eafd

  • SHA256: 0e357a0922965f0ea8897fbf3363c347daa75097dc91a7812136c91ee912a2c2

  • SHA512: 9e8f88cf540a969bfc9fd4eda79c24ea2a9c20504a11342d9189edac102d73a32ddb9797974959725041220cdca38df49c7b76d8cfb29cff4a899f299281a4d2

  • SSDEEP: 24576:YZMwkw2QLT1GyqLj8JRoFND0e0AJfhundxqfWeji0tBGozTG79yt6Vsr:YZMwxTklX8JRk0PvxWBjiqr

Score
8/10

Malware Config

Targets

    • Target: freedom-master/freedom/config.cpp

    • Size: 7KB

    • MD5: 92e91ab2f30d3f72fe19e9d6b4312852

    • SHA1: c00866586336f658bb65753c2d7d22a736059cc4

    • SHA256: 09b3be3d32b02c5fc9fb7d87c849c314069573dc2b9a36a0a2c535727dff2679

    • SHA512: 67bd23c514d49dd80af15246bd88a15261945f7612b9a81fa76329cca6b7595b9e411dacc5ce39ce859ef4f0670d36bd61a4cd31831cfb71132fee7e3a73d50e

    • SSDEEP: 192:BDQvs6WVf6QOXHk61abDMybMI5MFvseOGmwMrPPMmdJD3MseSuT4RaKgjmcNo:BDQvs6cKEAaHBBl9GpOla0

    Score
    8/10
    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Commonly used to allow simultaneous RDP sessions.

MITRE ATT&CK Enterprise v15

Tasks