Overview

overview

10

Static

static

8

5ce27f724c...4b.exe

windows7-x64

10

5ce27f724c...4b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • submitted
    01/08/2022, 05:02 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b.exe

  • Size

    1.8MB

  • MD5

    e101086987595cde7a1439641814d5cf

  • SHA1

    f7b1b3bd0a933be4adbca78d6938d6dfac90de77

  • SHA256

    5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b

  • SHA512

    216b33d61872fe0ae7c93e1329fa55e369edcffc49be54b7e079edc09ccfd7d7c680c5a2bfdf81008bae666e44b62a3aeca5884ea4d4ea49afc470b8da5f71cd

  • SSDEEP

    49152:oiVOqL26YVweCqo0oKPB803g0Bk+QqX0NmXqxq:ocfrqo5KPB203XgM

Score
10/10
ffdroiderspywarestealer

Malware Config

Extracted

Family

ffdroider

C2

http://152.32.228.19

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • FFDroider payload 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b.exe
    "C:\Users\Admin\AppData\Local\Temp\5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:740

Network

    No results found
  • 152.32.228.19:80
    5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b.exe
    152 B
     3
  • 152.32.228.19:80
    5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b.exe
    152 B
     3
  • 152.32.228.19:80
    5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/740-54-0x0000000076AE1000-0x0000000076AE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/740-55-0x00000000002B0000-0x00000000006DB000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/740-56-0x00000000002B0000-0x00000000006DB000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/740-58-0x00000000002B0000-0x00000000006DB000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/740-57-0x00000000002B0000-0x00000000006DB000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/740-59-0x0000000000770000-0x0000000000780000-memory.dmp

    Filesize

    64KB

    Download

  • memory/740-65-0x0000000002420000-0x0000000002430000-memory.dmp

    Filesize

    64KB

    Download

  • memory/740-71-0x00000000002B0000-0x00000000006DB000-memory.dmp

    Filesize

    4.2MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.