General

  • Target

    okayfreedom-vpn.exe

  • Size

    24.0MB

  • Sample

    240914-yedehasdrc

  • MD5

    933b1f49c4b0fddf97ea27225a4ad1cc

  • SHA1

    6028539bc350b5639204a7ffe69c180d55d8246e

  • SHA256

    0b82dc0c1bdb222a96f2f4d191fdf4d8e93ca5c41f2c9af2e92882e1c47263f5

  • SHA512

    417c773614b0ed9f7ae0b30459ec12e1a31391152bffd093c06cca433b95803a35394b954a1a02239b1de32184946d26e5955a8b58349f21fc8cd1304452bc32

  • SSDEEP

    393216:mCxLR1QWG2px4ni6d7bcvdNF/o8stDnTDq+IOu788cKA+iGKELo55KBbKiRc2Scd:mCdROWkni2qF/o9tDnrIb78dKAMKM45C

Score
7/10

Malware Config

Targets

    • Target

      okayfreedom-vpn.exe

    • Size

      24.0MB

    • MD5

      933b1f49c4b0fddf97ea27225a4ad1cc

    • SHA1

      6028539bc350b5639204a7ffe69c180d55d8246e

    • SHA256

      0b82dc0c1bdb222a96f2f4d191fdf4d8e93ca5c41f2c9af2e92882e1c47263f5

    • SHA512

      417c773614b0ed9f7ae0b30459ec12e1a31391152bffd093c06cca433b95803a35394b954a1a02239b1de32184946d26e5955a8b58349f21fc8cd1304452bc32

    • SSDEEP

      393216:mCxLR1QWG2px4ni6d7bcvdNF/o8stDnTDq+IOu788cKA+iGKELo55KBbKiRc2Scd:mCdROWkni2qF/o9tDnrIb78dKAMKM45C

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/Processes.dll

    • Size

      348KB

    • MD5

      a2728829227effbb79cf9916014f672d

    • SHA1

      8e6150d624fd6ba8c327eb2b8c56e5ebbaada62b

    • SHA256

      f32c0393685be831c547e3af82bb38075a4a3c802d81b382a48b141809c97e71

    • SHA512

      891e0bd152eaadea6499642b3ff0f4c75134b7f06706351f6b1640fe270704debcbb3f0d672a4a4af820945817cba6e5e416c0d2e76a979029790ab4a0dcb553

    • SSDEEP

      6144:mPZ5LKGUBIz8pqdd7781N6Ht9x2MkHEap6K9u564AiX:mPZgk8pqdd7781N6H929u56diX

    Score
    3/10
    • Target

      $PLUGINSDIR/SimpleSC.dll

    • Size

      1.1MB

    • MD5

      7b89329c6d8693fb2f6a4330100490a0

    • SHA1

      851b605cdc1c390c4244db56659b6b9aa8abd22c

    • SHA256

      1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d

    • SHA512

      ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a

    • SSDEEP

      12288:fRdJsAp4dXFcLBz75cwoCmJKHwe6VuoH9v0D/LF5mM6:fBsmyVS151oCmJKE1dv0DX

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      12KB

    • MD5

      4add245d4ba34b04f213409bfe504c07

    • SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

    • SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

    • SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

    • SSDEEP

      192:VjHcQ0qWTlt7wi5Aj/lM0sEWD/wtYbBjpNQybC7y+XZv0QPi:B/Qlt7wiij/lMRv/9V4bvr

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      14KB

    • MD5

      adb29e6b186daa765dc750128649b63d

    • SHA1

      160cbdc4cb0ac2c142d361df138c537aa7e708c9

    • SHA256

      2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

    • SHA512

      b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

    • SSDEEP

      192:DiF6v2imI36Op/tGZGfWxdyWHD0I53vLl7WVl8e04IpDlPjs:DGVY6ClGoWxXH75T1WVl83lLs

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      1d8f01a83ddd259bc339902c1d33c8f1

    • SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

    • SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

    • SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

    • SSDEEP

      96:o4Ev02zUu56FcS817eTaXx85qHFcUcxSgB5PKtAtoniJninnt3DVEB3YsNqkzfFc:o4EvCu5e81785qHFcU0PuAw0uyGIFc

    Score
    3/10
    • Target

      $PLUGINSDIR/nsRandom.dll

    • Size

      21KB

    • MD5

      ab467b8dfaa660a0f0e5b26e28af5735

    • SHA1

      596abd2c31eaff3479edf2069db1c155b59ce74d

    • SHA256

      db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

    • SHA512

      7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

    • SSDEEP

      384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z

    Score
    7/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      7-zip/7-zip.chm

    • Size

      88KB

    • MD5

      eb101ac9dc4db7c05ffb636c629384ef

    • SHA1

      eee66e6bb8b4167b7adaa4e30219ddbdd0b1abe0

    • SHA256

      bcd680a6b67fb8fc518430ecd459608b693842d54b3256bce608362f4dba8d2e

    • SHA512

      9d311f8197cdb5a29357dd0541f059f44f6bc5be5cdcfdc5be0651e64328b69504db33e726bb56ce03da2aa395bb23fa35bdb25c71f29976aca90b01638c62c2

    • SSDEEP

      1536:WdGioBPOzWtepmt0CtWUZ/+rSfff7ehP2NGwJCPn3diFefcI9F0VYapTrsoBk:Z4G0mdZ8cff7ehuH4P3diFOcyq62TQ7

    Score
    1/10
    • Target

      7-zip/7za.exe

    • Size

      574KB

    • MD5

      42badc1d2f03a8b1e4875740d3d49336

    • SHA1

      cee178da1fb05f99af7a3547093122893bd1eb46

    • SHA256

      c136b1467d669a725478a6110ebaaab3cb88a3d389dfa688e06173c066b76fcf

    • SHA512

      6bc519a7368ee6bd8c8f69f2d634dd18799b4ca31fbc284d2580ba625f3a88b6a52d2bc17bea0e75e63ca11c10356c47ee00c2c500294abcb5141424fc5dc71c

    • SSDEEP

      12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A

    Score
    3/10
    • Target

      OkayFreedomClient.exe

    • Size

      7.6MB

    • MD5

      4c9e1e28d93112be98ef1a418090bece

    • SHA1

      9451d93535c66cc1b7ba34e49784576b761f707e

    • SHA256

      9bc5a4bdfd47bea1a09771b6742b41ed5d3b00374b9362909ec01775ba00652f

    • SHA512

      42368b554db1fa31fdd9f6766ac37182f2ccf7ae407c86434e33e5ac422b5f3027117760525051cffbed1367a1cc796a36994c7331d35ce14629accb62a0cc8a

    • SSDEEP

      196608:v/44BSVd6SE+ul4V3uuSge14jNHQeDZPC:uVo6V3uu1HlQec

    Score
    1/10
    • Target

      res/TEXTSTRINGTABLE/EN_STEGANOSUIDLL.txt

    • Size

      23KB

    • MD5

      0eda4913d6f99f805788908dbe6ff564

    • SHA1

      3c1d28575527587b8dadab6d04c7d006e8f41bfd

    • SHA256

      7c98414fac74d45ddb5e92dcde509403cb42de78e216e54a1f609adeadd2e9e6

    • SHA512

      298ae7b670d6b1dcc3b5470aa7fbe356a360b7cc2da3621b1a889184dbcb341a9f9e48e2b45705dc653d14ec168eab5b6859f120892c93f49f75e02c6fd1bd2c

    • SSDEEP

      384:OaUAi/cG2E7InPGMuxMJlUTQYlBWXzOcxF+3UOP+q8mzaz6NB5CV:OV77AsPuxMBxNM

    Score
    1/10
    • Target

      client.dll

    • Size

      932KB

    • MD5

      169b4fc82c8e3d3a56d5efb0cc7d1fda

    • SHA1

      423c0e13ba47fb6db228504513046e1337a06906

    • SHA256

      664beecaf8a5a8f578a667b2fec80584bbc036795bd8e703554f760e70aa6593

    • SHA512

      eb8d2db2157259909b0706cce8fcb539c6a5ce484792fe87ff69ae86167b0cded1487ba04127ab1f7dbb3f80aea2b7a4f21f2878860175800f4e65a9425aebd6

    • SSDEEP

      24576:IAU5Kw8NipsxwlRSh0bTr5ApwYUjDgZqGa9sHM:jw8NcRSh0bT9bgZqG

    Score
    3/10
    • Target

      concrt140.dll

    • Size

      245KB

    • MD5

      0338a505daff90b36936fc1418eb112d

    • SHA1

      8a55fd91bf548a5d65c4ca1088a168b91b90d656

    • SHA256

      20094beed98a02da4f9fa1bf07a36c38bc10b14a08e7b3f3a46a7ff93941a191

    • SHA512

      56da5d7fc6ce5ad92b9b5e90bd2235391572a4d57dc844f311de076a01c7e4f3207e15e2eba34997e9d56f05be263a52d1dc1bf595081ece69db1cc9af145cc3

    • SSDEEP

      6144:ac36PHuORQstn8a9/y46BIgyM5YG+1dfdkznsI0I9sys6Sr6twsCOvPMF12z/fym:13XmWiLfdkYI1C61PMGzg+3

    Score
    3/10
    • Target

      msvcp140.dll

    • Size

      440KB

    • MD5

      1940325e1e8ca37e09f84545dccd07cd

    • SHA1

      333952b9b0dbed320539fb30ea77928010bcaadb

    • SHA256

      83c0fe5fab090060de7abe9dc85f5651d0f505a4ecc18f1ee8631941d0d665ea

    • SHA512

      760dffbcd007e17acce95e3cbffad37ba4b8f0ca098fd18fe58120d135377b3df2da87c12cf566026cde0f7850937fd9275c98ac90a865fdb748b0fdce1a1d28

    • SSDEEP

      12288:eYYt2J1opDyXTx2vLGNSC8kYE/LryQy+i+hUgiW6QR7t5s03Ooc8dHkC2esrqs6c:eYYt2JODyXTxBNSC8kYE/py+i903Ooc7

    Score
    3/10
    • Target

      openvpn/7/tap0901.sys

    • Size

      25KB

    • MD5

      815e58bc7ef97df42d46d7a24f1251b3

    • SHA1

      2fc9828cef6a57c1d186c49de5277bdd946f70cf

    • SHA256

      c34a74fd751aad0014d62cc7ddc879de878e830b261138b5482943d888438c4d

    • SHA512

      a738774116455d93ca7fe2243c9da1b445b312fc24d299abb7982d0a1b584b6b86e44a2945a60aa47935491c77267c0abe68674185f5a33ce029d1624a740116

    • SSDEEP

      384:yNOq10OI98jjMJjA4KxmwwuWuDHg00WLSVpZrwIbj9TopXxQJDL23:yN9PjjMA4WRRN+VpjdTqxQv23

    Score
    1/10
    • Target

      openvpn/addtap.bat

    • Size

      153B

    • MD5

      febc63026a60d73c0a5d2eac92928350

    • SHA1

      86e18faa09d199caa7fde7f135d3895929cb500a

    • SHA256

      ea8a81f97699a1aa74ad8c8e8215507ea0ad3f2a0ded44d538722c5e07dfb088

    • SHA512

      ef63da39ffc6a08a01247afb0a4eda878e97f8b18683ddec274a0cc7d9811a9d3d0ceeaaca98d35908e23a31f2953b2be440c6d384f5d9f9de963c12e24c9a38

    Score
    1/10
    • Target

      openvpn/deltapall.bat

    • Size

      194B

    • MD5

      edba35d87f6c451993ab4d9409b2d302

    • SHA1

      737e1abe92c08e6b69d6d3a949a5097d8ed849b2

    • SHA256

      1f59f88711ce83d0550d799aaee8eea0af2c76c3255340efbf7d309c5c71e052

    • SHA512

      f740400b5ab694a91b209009aed563283f819816c17a7b86301b40e3415f26edae7d6ff7ce6ae785a806d79fe528908f69118201a64d3707e78462109ea4bfe8

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

discovery
Score
7/10

behavioral2

discovery
Score
7/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
upx
Score
7/10

behavioral14

discovery
upx
Score
7/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

discovery
Score
3/10

behavioral24

discovery
Score
3/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10