Overview

overview

10

Static

static

3

d5fdccf450...a4.exe

windows7-x64

10

d5fdccf450...a4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 15:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d5fdccf45022505df0065d9951b126a4.exe

  • Size

    953KB

  • MD5

    d5fdccf45022505df0065d9951b126a4

  • SHA1

    8180491d58548ba199408b47b5da1afab762757e

  • SHA256

    35b7f5d4e57a8afad88d2616738f3638b82d689fa61f948b335f8a3526501a9e

  • SHA512

    fca7d38771b0aaac3c4ab8e2d4750102e11b738c175bfdf88043d019501417c303b01e20d065f67bbb967a3a639604e10f768a8ba8251d60992d6bfe6a8df625

  • SSDEEP

    12288:j9lBnqfZiMym1/4jGiO0J0wCzDvcBqKJZHDBCyMAFokoczTwphpa7coWQ12kfTwv:5lBapymaawC/xKHHdCDVkoIwxylvUv

Score
10/10
ffdroiderspywarestealer

Malware Config

Extracted

Family

ffdroider

C2

http://186.2.171.3

Signatures

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider
  • FFDroider payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5fdccf45022505df0065d9951b126a4.exe
    "C:\Users\Admin\AppData\Local\Temp\d5fdccf45022505df0065d9951b126a4.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2288
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 2088
      2⤵
      • Program crash
      PID:2368
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2288 -ip 2288
    1⤵
      PID:1712

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\d.jfm
      Filesize

      16KB

      MD5

      7dbf017a670d9cafbdd93432fecdd6a8

      SHA1

      310a51d5a5ece1e92b5045fae66ad9829db02529

      SHA256

      d3510a67ed65ea7b523b0a7ef0b93c7d92c13f65fee4c42676a2c8e71c65d51e

      SHA512

      cbfe3a7e3eb3120f2fb000471bc5304be8b65e64eb38a90c930511bf3fccd7efa73ee3ef1f802fab6fe90b86d122f4600d4470e21f03efc6bb2c9efef33d10c6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d.jfm
      Filesize

      16KB

      MD5

      e8cae3fc3f17c0a04105a72dcebc6a34

      SHA1

      f9b6b4f47f2d21832d17804f884e51188a56e5c8

      SHA256

      74535aa49dcd55e3a8aae8f991d326c4bcef76c9e90d58deef01e92a80e4e96f

      SHA512

      1b7d5a9d3af77b86b82550e6529b81829992d0eb07cd5b8600cf1ae26a73c9e916be15e8b6d9908d4eb3540548da882321819c888b3281e299f622a53b515056

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d.jfm
      Filesize

      16KB

      MD5

      fdf506749fcafd3eb72296cca6fe5af2

      SHA1

      c8c1889a6d94ed086ae9c857f68400113d941a85

      SHA256

      58f133e09a0560f35efa1fff55bad80055538845e1d39c200214ed36788f4ab2

      SHA512

      67749b7261c93aa63023194a9f7723b388dad610a48efd1bdbebd35cfab88ff2aabad1a6223d764ff3705b83cd76696f9204d51e0d4a61d0aac0a72231976bcf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d.jfm
      Filesize

      16KB

      MD5

      ef228e8c06f777f1c2c585e4e012f22c

      SHA1

      ff557af21186395e7a85d14fa573f68c993b6285

      SHA256

      a6103007feb697b7fc03611f68295c31196f47f9097d7043015847c479ef0a04

      SHA512

      6658b15b8b6d22fef2ac2c28422c7d135658f7eb1e72303b0026400e7f771fe8678343c639e72f41d1a1ccf324dedc07b4733afc4501e92222227582016d12c9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\d.jfm
      Filesize

      16KB

      MD5

      42a078f64bdeca10c8c91eb98b511f8c

      SHA1

      688756b6fbf296aef9310418a281941b26a9f156

      SHA256

      9a94299b35bc7e7f7f360e5b66c077d4a7f1c27a4edae1018979272824f4705f

      SHA512

      f12b37ba4d5d6ec6403b88293043de43348aedf348ff13a45a7866bed84ef4313ae490efb6b22712fc72783629d8f34e0a34962208f0b0d677dee4e3a2dd1e46

      Download Submit

    • memory/2288-25-0x0000000004A40000-0x0000000004A48000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-56-0x0000000004E20000-0x0000000004E28000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-23-0x0000000004840000-0x0000000004848000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-0-0x0000000000400000-0x0000000000692000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2288-27-0x0000000000400000-0x0000000000692000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2288-29-0x00000000048D0000-0x00000000048D8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-30-0x0000000004A50000-0x0000000004A58000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-32-0x0000000004BE0000-0x0000000004BE8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-15-0x0000000003D70000-0x0000000003D80000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2288-45-0x0000000004840000-0x0000000004848000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-9-0x0000000003C10000-0x0000000003C20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2288-53-0x0000000004DE0000-0x0000000004DE8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-55-0x0000000004EF0000-0x0000000004EF8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-22-0x0000000004820000-0x0000000004828000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-57-0x0000000005470000-0x0000000005478000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-58-0x0000000005360000-0x0000000005368000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-59-0x0000000005360000-0x0000000005368000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-60-0x0000000005380000-0x0000000005388000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-61-0x0000000004A60000-0x0000000004A68000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-5-0x00000000001C0000-0x00000000001C3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2288-74-0x0000000004840000-0x0000000004848000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-82-0x0000000004A60000-0x0000000004A68000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-84-0x0000000004B90000-0x0000000004B98000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-4-0x0000000000400000-0x0000000000692000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2288-97-0x0000000004840000-0x0000000004848000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-1-0x00000000001C0000-0x00000000001C3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2288-105-0x0000000004B90000-0x0000000004B98000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2288-107-0x0000000004B90000-0x0000000004B98000-memory.dmp

      Filesize

      32KB

      Download