Overview

overview

10

Static

static

0f1619d287...ad.exe

windows7_x64

10

0f1619d287...ad.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    29s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    04-06-2022 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad.exe

  • Size

    2.1MB

  • MD5

    011eca360bcae358ca1ebf28d2cfb0cc

  • SHA1

    95a9e2b240dfafc760b9c84e20c53d89632761c1

  • SHA256

    0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad

  • SHA512

    46d6aa457c9a328ce0206348d43244685be06da27ad58c36810417526308a8bb77f608f8c3781018dd8b43e944f65c625166f672e0d3c6a98b2c7356ca3acd80

Score
10/10
ffdroiderspywarestealer

Malware Config

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • FFDroider Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad.exe
    "C:\Users\Admin\AppData\Local\Temp\0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:912

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/912-54-0x0000000076C81000-0x0000000076C83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/912-55-0x0000000000B40000-0x00000000010F0000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/912-56-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

    Download

  • memory/912-57-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

    Download

  • memory/912-58-0x00000000025B0000-0x00000000025C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/912-64-0x00000000026A0000-0x00000000026B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/912-70-0x0000000000B40000-0x00000000010F0000-memory.dmp

    Filesize

    5.7MB

    Download