Analysis
-
max time kernel
38s -
max time network
41s -
platform
windows7_x64 -
resource
win7-20220715-en -
resource tags
arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system -
submitted
18-07-2022 18:36
Static task
static1
Behavioral task
behavioral1
Sample
md9_1sjm.exe
Resource
win7-20220715-en
windows7-x64
5 signatures
150 seconds
General
-
Target
md9_1sjm.exe
-
Size
2.1MB
-
MD5
3b3d48102a0d45a941f98d8aabe2dc43
-
SHA1
0dae4fd9d74f24452b2544e0f166bf7db2365240
-
SHA256
f4fdf9842d2221eb8910e6829b8467d867e346b7f73e2c3040f16eb77630b8f0
-
SHA512
65ae273b5ea434b268bbd8d38fe325cf62ed3316950796fa90defbc8a74c55fba0a99100f2ae674206335a08e8ea827d01eeccf26adf84ebfeebb0f17cfb7ba8
Malware Config
Signatures
-
FFDroider payload 2 IoCs
resource yara_rule behavioral1/memory/1480-55-0x00000000011E0000-0x000000000178C000-memory.dmp family_ffdroider behavioral1/memory/1480-69-0x00000000011E0000-0x000000000178C000-memory.dmp family_ffdroider -
suricata: ET MALWARE Win32/FFDroider CnC Activity M2
suricata: ET MALWARE Win32/FFDroider CnC Activity M2
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 1480 md9_1sjm.exe