FreeMe, Freezing
Tags
| attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 25437098-87d6-4e05-bdc0-6bbe0c60b757 |
| Fingerprint | 3262f96e4d744c2b |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 27, 2019, 1:50 a.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Шифровальщики-вымогатели The Digest "Crypto-Ransomware" |
| Title | FreeMe, Freezing |
| Detected Hints/Tags/Attributes | 16/1/15 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://id-ransomware.blogspot.com/2019/06/freeme-freezing-ransomware.html |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | filecoder.tg |
|
| Details | Domain | 1 | 372f04007fc6254d033c2d89da36b63741e00c800dfc8ccd9ce7b814e7b8162a.zip |
|
| Details | Domain | 396 | protonmail.com |
|
| Details | Domain | 911 | any.run |
|
| Details | 2 | freewizard9@protonmail.com |
||
| Details | File | 1 | freeme.exe |
|
| Details | File | 367 | readme.txt |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 1 | freezedbywizard.log |
|
| Details | File | 1 | freezedbymagic.log |
|
| Details | File | 1 | 372f04007fc6254d033c2d89da36b63741e00c800dfc8ccd9ce7b814e7b8162a.zip |
|
| Details | File | 1 | f6b1d9d4c1519de89224ceaaeafd95e2dd5dd8f0aabe01c207b9958b12fe4df2.ps1 |
|
| Details | File | 1 | c:\users\admin\appdata\local\temp\f6b1d9d4c1519de89224ceaaeafd95e2dd5dd8f0aabe01c207b9958b12fe4df2.ps1 |
|
| Details | sha256 | 1 | 372f04007fc6254d033c2d89da36b63741e00c800dfc8ccd9ce7b814e7b8162a |
|
| Details | sha256 | 1 | f6b1d9d4c1519de89224ceaaeafd95e2dd5dd8f0aabe01c207b9958b12fe4df2 |