Overview

overview

10

Static

static

10

freefn.exe

windows7-x64

7

freefn.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    freefn.exe

  • Size

    8.3MB

  • Sample

    241014-ewty2aybrc

  • MD5

    3385b348aeb138c9a08c082e348a7870

  • SHA1

    f7c3032f2370927aaf977258a8a3354dda87926d

  • SHA256

    f46a0c4426981c1680d72ec849a238287940b4b35dd0708d1c17f41f23ff1f5e

  • SHA512

    150a56fbbbda3c6b520cfb18aff601e4d68ae7480384d57199b847c77d1407c55c9c00d8221f6116d383e96c040584f63dbc01bd0b3c3f68d89f5292653c2afd

  • SSDEEP

    196608:PRg8VE2DwfI9jUC2gYBYv3vbW4SEf+iITx1U6n/:68VENIH2gYBgDWZjTnz/

Score
10/10
blankgrabberdiscoveryexecutionupx

Malware Config

Targets

    • Target

      freefn.exe

    • Size

      8.3MB

    • MD5

      3385b348aeb138c9a08c082e348a7870

    • SHA1

      f7c3032f2370927aaf977258a8a3354dda87926d

    • SHA256

      f46a0c4426981c1680d72ec849a238287940b4b35dd0708d1c17f41f23ff1f5e

    • SHA512

      150a56fbbbda3c6b520cfb18aff601e4d68ae7480384d57199b847c77d1407c55c9c00d8221f6116d383e96c040584f63dbc01bd0b3c3f68d89f5292653c2afd

    • SSDEEP

      196608:PRg8VE2DwfI9jUC2gYBYv3vbW4SEf+iITx1U6n/:68VENIH2gYBgDWZjTnz/

    Score
    8/10
    upxdiscoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks