Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • submitted
    09-09-2022 09:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    3.8MB

  • MD5

    31602ebe5470cf625f5d0888fbd9918c

  • SHA1

    361e0bc1d515b4d5edf17339cd4e866e004b6a98

  • SHA256

    d1260997bc5cd00b88b61cb7adddae0768a3af22fa53e365a78bd528537f2b74

  • SHA512

    4c6a99d8413577e0705a9919bb51780f4395c025e20e97d7d7e92201825c2356d3e4d34840090eb052670b973eaa6c37d0a3294d339023d4e08ac3b86ccfca17

  • SSDEEP

    98304:oD9UShZa98B/bLlcHv3s/H9dAtdiplNRH6u7EKuJtbdOCdLewkb2a13QSH:oGShjNlw30fG2N55v

Score
10/10
ffdroiderevasionpersistencespywarestealertrojan

Malware Config

Extracted

Family

ffdroider

C2

http://103.136.42.153

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • FFDroider payload 7 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    PID:4992

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4992-132-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4992-133-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4992-134-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4992-135-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4992-136-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4992-138-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4992-139-0x0000000003D20000-0x0000000003D30000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4992-145-0x0000000003E80000-0x0000000003E90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4992-151-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4992-152-0x0000000004940000-0x0000000004948000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-153-0x0000000004960000-0x0000000004968000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-154-0x0000000004A00000-0x0000000004A08000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-155-0x0000000004B40000-0x0000000004B48000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-156-0x0000000004CA0000-0x0000000004CA8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-157-0x0000000005090000-0x0000000005098000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-158-0x0000000004F90000-0x0000000004F98000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-159-0x0000000004DF0000-0x0000000004DF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-160-0x0000000004960000-0x0000000004968000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-161-0x0000000004DF0000-0x0000000004DF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-162-0x0000000004F20000-0x0000000004F28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-163-0x0000000004960000-0x0000000004968000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-164-0x0000000004F20000-0x0000000004F28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-165-0x0000000004DF0000-0x0000000004DF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4992-178-0x0000000000400000-0x00000000009F6000-memory.dmp

    Filesize

    6.0MB

    Download