Analysis
-
max time kernel
87s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
22-10-2022 14:39
General
-
Target
38b2c7a1af454d382927f81543d86055886bc028634575050367d052efd26434.exe
-
Size
1.1MB
-
MD5
78c42d6817af1ad96cabdf6ff2f7f3da
-
SHA1
abeadcee8d9f00c6ccdb0f9d33edd1006a079384
-
SHA256
38b2c7a1af454d382927f81543d86055886bc028634575050367d052efd26434
-
SHA512
76a3b3e6ae0ea0f17661314fe391ec8b9b580a7ecfee0ebe2d830db3843d5d929d6bf3adb8cb03f6b87212a607ce001700ea3dc305828c817ff017dd3b766811
-
SSDEEP
24576:zmWAbXH84DRnKCwyElWCAMmKix1x1IDStOX2cBZ8umx7QgbcxWsG2:zmXL8uokzK6DxcD8uqzbcxWX
Score
10/10
Malware Config
Extracted
Family
ffdroider
C2
http://103.136.42.153
Signatures
-
FFDroider
Stealer targeting social media platform users first seen in April 2022.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\38b2c7a1af454d382927f81543d86055886bc028634575050367d052efd26434.exe"C:\Users\Admin\AppData\Local\Temp\38b2c7a1af454d382927f81543d86055886bc028634575050367d052efd26434.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
2.6MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
2.6MB