Overview

overview

10

Static

static

0afcbb7118...fd.exe

windows7_x64

10

0afcbb7118...fd.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    70s
  • max time network
    63s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    02-05-2022 23:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0afcbb7118071254730e12272ba23702ae38dee8bf67d6fe67bc66ade8f208fd.exe

  • Size

    1.3MB

  • MD5

    2d47dafdcf067ec35d8fe61c36f1ec2d

  • SHA1

    0a594cd3127bafb7971585b399e68bdf1cea76a5

  • SHA256

    0afcbb7118071254730e12272ba23702ae38dee8bf67d6fe67bc66ade8f208fd

  • SHA512

    b5b37140aea098270df7bf327e09aced3c36d22638c9be5a73d335e25e4bb40674d72de328d500de45ae14a0ff8793f0f0140a190fb0b83a73fcba15276cf089

Score
10/10
ffdroiderspywarestealer

Malware Config

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0afcbb7118071254730e12272ba23702ae38dee8bf67d6fe67bc66ade8f208fd.exe
    "C:\Users\Admin\AppData\Local\Temp\0afcbb7118071254730e12272ba23702ae38dee8bf67d6fe67bc66ade8f208fd.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1564

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1564-54-0x0000000075CD1000-0x0000000075CD3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1564-55-0x0000000000F40000-0x0000000000F50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1564-61-0x0000000001010000-0x0000000001020000-memory.dmp

    Filesize

    64KB

    Download