Overview

overview

10

Static

static

0f1619d287...ad.exe

windows7_x64

10

0f1619d287...ad.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    152s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    04-06-2022 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad.exe

  • Size

    2.1MB

  • MD5

    011eca360bcae358ca1ebf28d2cfb0cc

  • SHA1

    95a9e2b240dfafc760b9c84e20c53d89632761c1

  • SHA256

    0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad

  • SHA512

    46d6aa457c9a328ce0206348d43244685be06da27ad58c36810417526308a8bb77f608f8c3781018dd8b43e944f65c625166f672e0d3c6a98b2c7356ca3acd80

Score
10/10
ffdroiderevasionspywarestealertrojan

Malware Config

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • FFDroider Payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad.exe
    "C:\Users\Admin\AppData\Local\Temp\0f1619d2878b47decac0eb4f25fae469623b3e41ae8564e7061ca464e95707ad.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious use of AdjustPrivilegeToken
    PID:4280

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4280-130-0x0000000000EA0000-0x0000000001450000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4280-131-0x0000000001470000-0x0000000001473000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4280-132-0x0000000005000000-0x0000000005010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4280-138-0x00000000051A0000-0x00000000051B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4280-144-0x0000000005D90000-0x0000000005D98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-145-0x0000000005DB0000-0x0000000005DB8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-146-0x0000000005F90000-0x0000000005F98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-147-0x0000000005F90000-0x0000000005F98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-148-0x0000000005FC0000-0x0000000005FC8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-149-0x0000000006260000-0x0000000006268000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-150-0x0000000006160000-0x0000000006168000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-151-0x0000000005FD0000-0x0000000005FD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-152-0x0000000005DB0000-0x0000000005DB8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-153-0x0000000005FD0000-0x0000000005FD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-154-0x0000000005DB0000-0x0000000005DB8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-155-0x0000000005FD0000-0x0000000005FD8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4280-226-0x0000000000EA0000-0x0000000001450000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4280-227-0x0000000003BC0000-0x0000000003BC8000-memory.dmp

    Filesize

    32KB

    Download