Overview

overview

10

Static

static

8

2428300eac...19.exe

windows7-x64

10

2428300eac...19.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    27s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2023 17:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2428300eaca9fcd5d2170b811a464b4591e9391ea57e95fa217b02d3328e7419.exe

  • Size

    474KB

  • MD5

    95ce031c5273b6c1f2d813566a7ea9ea

  • SHA1

    f47a1a1502de7a0b9cae47037e06f41753d94156

  • SHA256

    2428300eaca9fcd5d2170b811a464b4591e9391ea57e95fa217b02d3328e7419

  • SHA512

    5a2fa3a7413c672714d38b6d60e5794481c871ba402f92bc97a6e37b7fed466212060a8d7a560a900c8637ab6b39d8c619fc528d5ec8e303fd98efd89db57cdc

  • SSDEEP

    12288:pvv0rmiMQTll4pWWUgyOHaW8xAyBhh4YIRRioMZtKOIiVywxGkoS:Bd2ll4XZGxAyBbrCeVIkywx

Score
10/10
ffdroiderspywarestealerupx

Malware Config

Extracted

Family

ffdroider

C2

http://101.36.107.74

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2428300eaca9fcd5d2170b811a464b4591e9391ea57e95fa217b02d3328e7419.exe
    "C:\Users\Admin\AppData\Local\Temp\2428300eaca9fcd5d2170b811a464b4591e9391ea57e95fa217b02d3328e7419.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2008

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2008-54-0x00000000753D1000-0x00000000753D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2008-55-0x0000000000400000-0x000000000055C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2008-56-0x0000000002C30000-0x0000000002C40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2008-62-0x0000000002DD0000-0x0000000002DE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2008-68-0x0000000000400000-0x000000000055C000-memory.dmp

    Filesize

    1.4MB

    Download