Overview

overview

10

Static

static

md9_1sjm.exe

windows7-x64

10

md9_1sjm.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2022 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    md9_1sjm.exe

  • Size

    2.1MB

  • MD5

    3b3d48102a0d45a941f98d8aabe2dc43

  • SHA1

    0dae4fd9d74f24452b2544e0f166bf7db2365240

  • SHA256

    f4fdf9842d2221eb8910e6829b8467d867e346b7f73e2c3040f16eb77630b8f0

  • SHA512

    65ae273b5ea434b268bbd8d38fe325cf62ed3316950796fa90defbc8a74c55fba0a99100f2ae674206335a08e8ea827d01eeccf26adf84ebfeebb0f17cfb7ba8

Score
10/10
ffdroiderspywarestealersuricata

Malware Config

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • FFDroider payload 2 IoCs
  • suricata: ET MALWARE Win32/FFDroider CnC Activity M2

    suricata: ET MALWARE Win32/FFDroider CnC Activity M2

    suricata
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\md9_1sjm.exe
    "C:\Users\Admin\AppData\Local\Temp\md9_1sjm.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1480

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1480-54-0x0000000076311000-0x0000000076313000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1480-55-0x00000000011E0000-0x000000000178C000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1480-56-0x0000000000020000-0x0000000000023000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1480-57-0x0000000001030000-0x0000000001040000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1480-63-0x0000000001120000-0x0000000001130000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1480-69-0x00000000011E0000-0x000000000178C000-memory.dmp

    Filesize

    5.7MB

    Download