Overview

overview

10

Static

static

8

94031fe0fb...74.exe

windows7_x64

10

94031fe0fb...74.exe

windows10_x64

10

94031fe0fb...74.exe

windows10-2004_x64

10

94031fe0fb...74.exe

windows11_x64

Analysis

  • max time kernel
    72s
  • max time network
    61s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-04-2022 22:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94031fe0fbda71abdfa4f51c370d0da17deae7578549a81335dfbb446f75c474.exe

  • Size

    1.9MB

  • MD5

    beb93a48eefd9be5e5664754e9c6f175

  • SHA1

    d007e52aa93034a54b2f8167e3bcdcff8a65a63d

  • SHA256

    94031fe0fbda71abdfa4f51c370d0da17deae7578549a81335dfbb446f75c474

  • SHA512

    7b7ca6a538eed77f8a10aa9628466a2d41d3133510663d065594ee83dfec5e432d8a0bd206b7383e014f8bad282c736662d22c9b9e5705436ec235e8c384cb2a

Score
10/10
ffdroiderspywarestealer

Malware Config

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • FFDroider Payload 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94031fe0fbda71abdfa4f51c370d0da17deae7578549a81335dfbb446f75c474.exe
    "C:\Users\Admin\AppData\Local\Temp\94031fe0fbda71abdfa4f51c370d0da17deae7578549a81335dfbb446f75c474.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:552

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/552-54-0x0000000075451000-0x0000000075453000-memory.dmp

    Filesize

    8KB

    Download

  • memory/552-55-0x0000000000E60000-0x00000000012FA000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/552-56-0x0000000000E60000-0x00000000012FA000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/552-57-0x0000000000E60000-0x00000000012FA000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/552-58-0x00000000009A0000-0x00000000009B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/552-64-0x0000000002B30000-0x0000000002B40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/552-70-0x0000000000E60000-0x00000000012FA000-memory.dmp

    Filesize

    4.6MB

    Download