0b82dc0c1bdb222a96f2f4d191fdf4d8e93ca5c41f2c9af2e92882e1c47263f5 | Triage

Sharing

General

Target

okayfreedom-vpn.exe
Size

24.0MB
Sample

240914-tjxlqasdkk
MD5

933b1f49c4b0fddf97ea27225a4ad1cc
SHA1

6028539bc350b5639204a7ffe69c180d55d8246e
SHA256

0b82dc0c1bdb222a96f2f4d191fdf4d8e93ca5c41f2c9af2e92882e1c47263f5
SHA512

417c773614b0ed9f7ae0b30459ec12e1a31391152bffd093c06cca433b95803a35394b954a1a02239b1de32184946d26e5955a8b58349f21fc8cd1304452bc32
SSDEEP

393216:mCxLR1QWG2px4ni6d7bcvdNF/o8stDnTDq+IOu788cKA+iGKELo55KBbKiRc2Scd:mCdROWkni2qF/o9tDnrIb78dKAMKM45C

Score

7^/10

discovery upx

Malware Config

Targets

- Target
  
  okayfreedom-vpn.exe
- Size
  
  24.0MB
- MD5
  
  933b1f49c4b0fddf97ea27225a4ad1cc
- SHA1
  
  6028539bc350b5639204a7ffe69c180d55d8246e
- SHA256
  
  0b82dc0c1bdb222a96f2f4d191fdf4d8e93ca5c41f2c9af2e92882e1c47263f5
- SHA512
  
  417c773614b0ed9f7ae0b30459ec12e1a31391152bffd093c06cca433b95803a35394b954a1a02239b1de32184946d26e5955a8b58349f21fc8cd1304452bc32
- SSDEEP
  
  393216:mCxLR1QWG2px4ni6d7bcvdNF/o8stDnTDq+IOu788cKA+iGKELo55KBbKiRc2Scd:mCdROWkni2qF/o9tDnrIb78dKAMKM45C
Score

7^/10

discovery
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Processes.dll
- Size
  
  348KB
- MD5
  
  a2728829227effbb79cf9916014f672d
- SHA1
  
  8e6150d624fd6ba8c327eb2b8c56e5ebbaada62b
- SHA256
  
  f32c0393685be831c547e3af82bb38075a4a3c802d81b382a48b141809c97e71
- SHA512
  
  891e0bd152eaadea6499642b3ff0f4c75134b7f06706351f6b1640fe270704debcbb3f0d672a4a4af820945817cba6e5e416c0d2e76a979029790ab4a0dcb553
- SSDEEP
  
  6144:mPZ5LKGUBIz8pqdd7781N6Ht9x2MkHEap6K9u564AiX:mPZgk8pqdd7781N6H929u56diX
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/SimpleSC.dll
- Size
  
  1.1MB
- MD5
  
  7b89329c6d8693fb2f6a4330100490a0
- SHA1
  
  851b605cdc1c390c4244db56659b6b9aa8abd22c
- SHA256
  
  1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d
- SHA512
  
  ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a
- SSDEEP
  
  12288:fRdJsAp4dXFcLBz75cwoCmJKHwe6VuoH9v0D/LF5mM6:fBsmyVS151oCmJKE1dv0DX
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  4add245d4ba34b04f213409bfe504c07
- SHA1
  
  ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
- SHA256
  
  9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
- SHA512
  
  1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
- SSDEEP
  
  192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/UAC.dll
- Size
  
  14KB
- MD5
  
  adb29e6b186daa765dc750128649b63d
- SHA1
  
  160cbdc4cb0ac2c142d361df138c537aa7e708c9
- SHA256
  
  2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
- SHA512
  
  b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
- SSDEEP
  
  192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  1d8f01a83ddd259bc339902c1d33c8f1
- SHA1
  
  9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
- SHA256
  
  4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
- SHA512
  
  28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
- SSDEEP
  
  96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsRandom.dll
- Size
  
  21KB
- MD5
  
  ab467b8dfaa660a0f0e5b26e28af5735
- SHA1
  
  596abd2c31eaff3479edf2069db1c155b59ce74d
- SHA256
  
  db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73
- SHA512
  
  7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301
- SSDEEP
  
  384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z
Score

7^/10

discovery upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral13 behavioral14
- Target
  
  7-zip/7-zip.chm
- Size
  
  88KB
- MD5
  
  eb101ac9dc4db7c05ffb636c629384ef
- SHA1
  
  eee66e6bb8b4167b7adaa4e30219ddbdd0b1abe0
- SHA256
  
  bcd680a6b67fb8fc518430ecd459608b693842d54b3256bce608362f4dba8d2e
- SHA512
  
  9d311f8197cdb5a29357dd0541f059f44f6bc5be5cdcfdc5be0651e64328b69504db33e726bb56ce03da2aa395bb23fa35bdb25c71f29976aca90b01638c62c2
- SSDEEP
  
  1536:WdGioBPOzWtepmt0CtWUZ/+rSfff7ehP2NGwJCPn3diFefcI9F0VYapTrsoBk:Z4G0mdZ8cff7ehuH4P3diFOcyq62TQ7
Score

1^/10
behavioral15 behavioral16
- Target
  
  7-zip/7za.exe
- Size
  
  574KB
- MD5
  
  42badc1d2f03a8b1e4875740d3d49336
- SHA1
  
  cee178da1fb05f99af7a3547093122893bd1eb46
- SHA256
  
  c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf
- SHA512
  
  6bc519a7368ee6bd8c8f69f2d634dd18799b4ca31fbc284d2580ba625f3a88b6a52d2bc17bea0e75e63ca11c10356c47ee00c2c500294abcb5141424fc5dc71c
- SSDEEP
  
  12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  OkayFreedomClient.exe
- Size
  
  7.6MB
- MD5
  
  4c9e1e28d93112be98ef1a418090bece
- SHA1
  
  9451d93535c66cc1b7ba34e49784576b761f707e
- SHA256
  
  9bc5a4bdfd47bea1a09771b6742b41ed5d3b00374b9362909ec01775ba00652f
- SHA512
  
  42368b554db1fa31fdd9f6766ac37182f2ccf7ae407c86434e33e5ac422b5f3027117760525051cffbed1367a1cc796a36994c7331d35ce14629accb62a0cc8a
- SSDEEP
  
  196608:v/44BSVd6SE+ul4V3uuSge14jNHQeDZPC:uVo6V3uu1HlQec
Score

1^/10
behavioral19 behavioral20
- Target
  
  res/TEXTSTRINGTABLE/EN_STEGANOSUIDLL.txt
- Size
  
  23KB
- MD5
  
  0eda4913d6f99f805788908dbe6ff564
- SHA1
  
  3c1d28575527587b8dadab6d04c7d006e8f41bfd
- SHA256
  
  7c98414fac74d45ddb5e92dcde509403cb42de78e216e54a1f609adeadd2e9e6
- SHA512
  
  298ae7b670d6b1dcc3b5470aa7fbe356a360b7cc2da3621b1a889184dbcb341a9f9e48e2b45705dc653d14ec168eab5b6859f120892c93f49f75e02c6fd1bd2c
- SSDEEP
  
  384:OaUAi/cG2E7InPGMuxMJlUTQYlBWXzOcxF+3UOP+q8mzaz6NB5CV:OV77AsPuxMBxNM
Score

1^/10
behavioral21 behavioral22
- Target
  
  client.dll
- Size
  
  932KB
- MD5
  
  169b4fc82c8e3d3a56d5efb0cc7d1fda
- SHA1
  
  423c0e13ba47fb6db228504513046e1337a06906
- SHA256
  
  664beecaf8a5a8f578a667b2fec80584bbc036795bd8e703554f760e70aa6593
- SHA512
  
  eb8d2db2157259909b0706cce8fcb539c6a5ce484792fe87ff69ae86167b0cded1487ba04127ab1f7dbb3f80aea2b7a4f21f2878860175800f4e65a9425aebd6
- SSDEEP
  
  24576:IAU5Kw8NipsxwlRSh0bTr5ApwYUjDgZqGa9sHM:jw8NcRSh0bT9bgZqG
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  concrt140.dll
- Size
  
  245KB
- MD5
  
  0338a505daff90b36936fc1418eb112d
- SHA1
  
  8a55fd91bf548a5d65c4ca1088a168b91b90d656
- SHA256
  
  20094beed98a02da4f9fa1bf07a36c38bc10b14a08e7b3f3a46a7ff93941a191
- SHA512
  
  56da5d7fc6ce5ad92b9b5e90bd2235391572a4d57dc844f311de076a01c7e4f3207e15e2eba34997e9d56f05be263a52d1dc1bf595081ece69db1cc9af145cc3
- SSDEEP
  
  6144:ac36PHuORQstn8a9/y46BIgyM5YG+1dfdkznsI0I9sys6Sr6twsCOvPMF12z/fym:13XmWiLfdkYI1C61PMGzg+3
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  msvcp140.dll
- Size
  
  440KB
- MD5
  
  1940325e1e8ca37e09f84545dccd07cd
- SHA1
  
  333952b9b0dbed320539fb30ea77928010bcaadb
- SHA256
  
  83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea
- SHA512
  
  760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28
- SSDEEP
  
  12288:eYYt2J1opDyXTx2vLGNSC8kYE/LryQy+i+hUgiW6QR7t5s03Ooc8dHkC2esrqs6c:eYYt2JODyXTxBNSC8kYE/py+i903Ooc7
Score

3^/10

discovery
behavioral27 behavioral28
- Target
  
  openvpn/7/tap0901.sys
- Size
  
  25KB
- MD5
  
  815e58bc7ef97df42d46d7a24f1251b3
- SHA1
  
  2fc9828cef6a57c1d186c49de5277bdd946f70cf
- SHA256
  
  c34a74fd751aad0014d62cc7ddc879de878e830b261138b5482943d888438c4d
- SHA512
  
  a738774116455d93ca7fe2243c9da1b445b312fc24d299abb7982d0a1b584b6b86e44a2945a60aa47935491c77267c0abe68674185f5a33ce029d1624a740116
- SSDEEP
  
  384:yNOq10OI98jjMJjA4KxmwwuWuDHg00WLSVpZrwIbj9TopXxQJDL23:yN9PjjMA4WRRN+VpjdTqxQv23
Score

1^/10
behavioral29
- Target
  
  openvpn/addtap.bat
- Size
  
  153B
- MD5
  
  febc63026a60d73c0a5d2eac92928350
- SHA1
  
  86e18faa09d199caa7fde7f135d3895929cb500a
- SHA256
  
  ea8a81f97699a1aa74ad8c8e8215507ea0ad3f2a0ded44d538722c5e07dfb088
- SHA512
  
  ef63da39ffc6a08a01247afb0a4eda878e97f8b18683ddec274a0cc7d9811a9d3d0ceeaaca98d35908e23a31f2953b2be440c6d384f5d9f9de963c12e24c9a38
Score

1^/10
behavioral30 behavioral31
- Target
  
  openvpn/deltapall.bat
- Size
  
  194B
- MD5
  
  edba35d87f6c451993ab4d9409b2d302
- SHA1
  
  737e1abe92c08e6b69d6d3a949a5097d8ed849b2
- SHA256
  
  1f59f88711ce83d0550d799aaee8eea0af2c76c3255340efbf7d309c5c71e052
- SHA512
  
  f740400b5ab694a91b209009aed563283f819816c17a7b86301b40e3415f26edae7d6ff7ce6ae785a806d79fe528908f69118201a64d3707e78462109ea4bfe8
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32