ffdroider | a24743dbcee924a3d96a505f0e16515b147b74bccbed765562d59570edb2bdcc

Analysis

max time kernel
115s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber.exe
Size

6.1MB
MD5

0001a63eaab01779eb06a240cd5fdf8b
SHA1

b60e7d24f091ad351d97fdcc7fc11ff7c45b562a
SHA256

a24743dbcee924a3d96a505f0e16515b147b74bccbed765562d59570edb2bdcc
SHA512

5878a2fe96e2c7bcf3e2cd215c1e2317f27b585cf4fd8e345504c720dc1430865d176b7faec38d40029399420febe994db7d37b7eca8e5adc37bc2acea84ad46
SSDEEP

196608:W62uK6qA6XWIkvLZH7MjOc8Tjfj3ugw30AF+sd4UFLOyomFHKnP6jEkX6Zzfa7C:Wd+UFwk

Score

10^/10

ffdroider evasion spyware stealer trojan

Malware Config

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4580	2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber.exe
Token: SeManageVolumePrivilege	4580	2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber.exe
Token: SeManageVolumePrivilege	4580	2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber.exe

C:\Users\Admin\AppData\Local\Temp\2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-02_0001a63eaab01779eb06a240cd5fdf8b_icedid_magniber.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1332 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
3.5MB

MD5
b61dc53bd69069793544e987008b7582

SHA1
cca4d9054aab52f108a88c09d6af01b4a70767fb

SHA256
f8c7d5eb34beb7eda2c12d9746ed2215b4bc542d779cc4196a067b52a677303b

SHA512
d01020903eb5122dff8fdac3c3fb4753b5bab0e5a3aad45516dbe5be3b3e851f35360369291fddbc4474327b31a09c12c36b95b74969f60621b6aa21382ceb60

Download Submit
C:\Users\Admin\AppData\Local\Temp\d

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c4233321bf58a872136e00c24c992027

SHA1
adf004757b5f84676e08d195a95db0f3c1116fc3

SHA256
7bdb72c87e848a15a767bb05d9391522e1fbc26476fed6a74344df9429eae143

SHA512
d2c5130d45312d7507f9b10a6782ab4fba707d4cdd2e0dc5e8ae0a01df45e86715b648fc1a92ab6cc18c84571411899cd9d30a678c3798731a0a094efcc22d99

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
97823fdab108955b58e0c70cdf650773

SHA1
b6290c71bc56c99dbd47086c2b9ca76f767ac7b7

SHA256
41b79a564e8249cd74718796865964c2aca68a7dcf66e57ca86ddd36c4a25b07

SHA512
cf8abbf2ae6e9980d7a205aa7af43d3dc1e16a90ca6fdaf41071c5ce82235449eea9580c567bd6792448c7616a5049132f1ea7f5aa5e76c4bb1e4a143ab4e523

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4ab8f865c7ed9a5aae3102a5f6820060

SHA1
b789efdba4a5f1043b566ff31e0c83c2c9768c9a

SHA256
54f7e77661fb345dbb05705ec096885795d1e1a71ed81973e17d4ee53a384581

SHA512
617d51c135a0941bba8fe937f8c7a8f96d8aa32b858f2dde881aebed0b71f386158b087f55a9966f0848dcd390818f6725140ac67105427dda33f7d3fb861bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
68db731eb325f2f603b60002595c38ce

SHA1
88cf737808ef83b7d88c9e7b0b0e03d2ac5af6c9

SHA256
d80ffdcfb3c42790c66a46067d74bb938a3bff1fb48555e18ba604101f600670

SHA512
37057090e5cfe2efa44e7ea098e689017c8ddaa6ba8c41dc79720c295c51a0178f82194d627b02091379d6acdde4b5f1238df51aec3c510804384c34e43d022d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
2404a12ecf342da06f9a2b10e5d49402

SHA1
d4aa81808dec986f86824203bf542fbde2495204

SHA256
d1ce557b2ddca6290711f17b6c7ac67747ec90019ee4bd9f4b17ac0ae9636812

SHA512
60c762004a6290adbb6942d33f42183e887a2a123c741cf7915295a1b23ade9c4ecd3463f68ed071a815f32044bdbef94844399c3d069e26e30a9ca65de9a1bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e2a551f2fe62f1e4fa45bc986c6b615d

SHA1
53128dc8130c8feaf6807165dcd8e93f5ea44fac

SHA256
cd208139cbc46a4bbaa44408a80f05635c27678307ab39043bf55564d2f87bcb

SHA512
8638716530b9c63660b57c2657e7c4688a4141e45431140846326f55f63fb318a0a3e67e7b6630bae06dc8213b7b0b8773de17b1be82f7dc7996d4c8b78c3343

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
42d07431d6cbbd22c208aaa9789d9ed5

SHA1
639ae02efad94282bb24b261f0c5c3c03d68624c

SHA256
5b00a8f3dd7251af310f4e33c824c966b37a3de8ee5e699e3d65e33756d079da

SHA512
7f6f7da293bcb72d726f4e98a11e8341e30a3c84bad8ec16422b9f6a05f0983dda5508b2b7a8190905ee26a10d26de97cc610d7b8b21cae263fbc08a00f4d5d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0135b911157ebfa8243923cb86526007

SHA1
8b1907640aaa973d2fb1cabd1a1613837e6df96f

SHA256
6168cdd39f601df3163fc4fd4f52272e5942736e71ccf2d6ee8c35c7df190d5d

SHA512
8d13b13a47e52455c34d0c066073e7e83fed74142bbbdb9b53a051bfec8bbcf899887bef8a66f50f9a2bdcc53c17bcbf3c4d2c7853722d36029c4112635def8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
4049e9444db634724b097fed72423660

SHA1
081654ce8555f8d14924bf06a13b31d9aeb223e8

SHA256
85d129e9f64ffac1ec7611df5beb069ce0e96ada8089b8a179427e19a5fc4fb5

SHA512
7b8e0771325af2a77219c8209324da41bec57bb168003ef2015ee550c1c3a8f5a1e0a445588263b20e293763dc3a351a16b5b56593d04571f873f474f7da8762

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
935d91f9d0d8e8765159bf20afab938d

SHA1
f51d995c6c570bdcc7c222735cacffe120a4aa87

SHA256
bb166fce1463e9eba77d76a85c1b310d82e3e76d86771a597e211e7372d0ffcc

SHA512
c54897570f1f26a8f01e88e34f96d9384efa77b5b6a88512a0afc566e57a56afd30f502351395746c7eaa6ea10a1f13f15a2194cec1c7976e1c661c0f16f820b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
fd73f078f0b36ef6b8852d7c7d1bac40

SHA1
138c99e9024f8690d9d0dfbe58f93f2453fb50e5

SHA256
8268fe427a2acd31ba078e7de7214ffef0d10eb7602ed231ea93ff4299501bc7

SHA512
50ca5a155fd325740291910655958d4e3e3cffd5e7bc62bc5104f8ecbf26e613872bde6441269347d649e621d85597a2ae971c5653b70d6b3d9e4b44c9ff81c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f3bf2f9e93fc47ade07dfad33cca17f1

SHA1
8bbcdaaba6a5e04afdd1856a56b7d7056b9bad86

SHA256
2a7a773ad7b1b3c0c7dfa9d887f7e3f7d93b549fe3385df1bd3eb476de7173e1

SHA512
7dbbf2589b8115b913ddbf66a473ea621ca207d87576d66e74e38897eba119baa2ba9f309bf678b73735f7b65f9ad6f211607425083b47c24f02edfcc22588ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
273d945eb0bfeff6a06131353e0df044

SHA1
ecce806c2ecd6009b740be482ad92c3f9e2d7215

SHA256
3f631f148222c328c552b6e51d8ea21356f052b0e27f98df2ee0af9282c739ee

SHA512
d9be94d888f65d8700f7c608c32abf4b1754c7a2b6488add0fea55e107df42f34d162b8131613905e4676ea9e11646a145dddf5aed68d4ab1756abcd7cb16467

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
48962712aa1ed396485e4aa302c4a654

SHA1
e24c015cf560311490bd03429363c063e2834f02

SHA256
b0deec3ba8fef735f3b5394c0e01db8a4070294fc40a9665bbeb8898fa48f5ea

SHA512
b7d622dcf8d2fa673512bfcd1e518058c92d4150f4e9e051f7063aed3538a44fa800d41de2bf7473149b63fdee5d2f536e5af698e77aa80f3dcc933efac864fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
66f02f3a901cb862e42e5dd726475b8a

SHA1
838fbedef69210eaf5cc0af928f4190b6afca87f

SHA256
e08884667dc71fabd04cd78d2b9ec172d3d831f2f05b541a2c68cc3aeab09d69

SHA512
a1b7033ddbddb1dcba5c6d25cbf5e402ef2273592de56efad447f4a5741cf48af523d5dbd97747e626014eaef75989a14b65ea84424401ba7ec850dca6844199

Download Submit
memory/4580-114-0x00000000047A0000-0x00000000047A8000-memory.dmp

Filesize
32KB

Download
memory/4580-40-0x0000000004AE0000-0x0000000004AE8000-memory.dmp

Filesize
32KB

Download
memory/4580-73-0x0000000004E30000-0x0000000004E38000-memory.dmp

Filesize
32KB

Download
memory/4580-63-0x0000000004AE0000-0x0000000004AE8000-memory.dmp

Filesize
32KB

Download
memory/4580-50-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/4580-4-0x0000000003EB0000-0x0000000003EC0000-memory.dmp

Filesize
64KB

Download
memory/4580-115-0x00000000047C0000-0x00000000047C8000-memory.dmp

Filesize
32KB

Download
memory/4580-123-0x0000000004860000-0x0000000004868000-memory.dmp

Filesize
32KB

Download
memory/4580-126-0x00000000049A0000-0x00000000049A8000-memory.dmp

Filesize
32KB

Download
memory/4580-127-0x00000000049C0000-0x00000000049C8000-memory.dmp

Filesize
32KB

Download
memory/4580-128-0x0000000005710000-0x0000000005718000-memory.dmp

Filesize
32KB

Download
memory/4580-129-0x0000000005610000-0x0000000005618000-memory.dmp

Filesize
32KB

Download
memory/4580-130-0x0000000004A20000-0x0000000004A28000-memory.dmp

Filesize
32KB

Download
memory/4580-48-0x0000000004E30000-0x0000000004E38000-memory.dmp

Filesize
32KB

Download
memory/4580-143-0x00000000047C0000-0x00000000047C8000-memory.dmp

Filesize
32KB

Download
memory/4580-71-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/4580-151-0x0000000004A20000-0x0000000004A28000-memory.dmp

Filesize
32KB

Download
memory/4580-153-0x0000000004A50000-0x0000000004A58000-memory.dmp

Filesize
32KB

Download
memory/4580-27-0x0000000004E30000-0x0000000004E38000-memory.dmp

Filesize
32KB

Download
memory/4580-166-0x00000000047C0000-0x00000000047C8000-memory.dmp

Filesize
32KB

Download
memory/4580-26-0x0000000004FC0000-0x0000000004FC8000-memory.dmp

Filesize
32KB

Download
memory/4580-174-0x0000000004A50000-0x0000000004A58000-memory.dmp

Filesize
32KB

Download
memory/4580-176-0x0000000004A20000-0x0000000004A28000-memory.dmp

Filesize
32KB

Download
memory/4580-25-0x00000000050C0000-0x00000000050C8000-memory.dmp

Filesize
32KB

Download
memory/4580-24-0x0000000004E20000-0x0000000004E28000-memory.dmp

Filesize
32KB

Download
memory/4580-23-0x0000000004CC0000-0x0000000004CC8000-memory.dmp

Filesize
32KB

Download
memory/4580-20-0x0000000004B80000-0x0000000004B88000-memory.dmp

Filesize
32KB

Download
memory/4580-18-0x0000000004AE0000-0x0000000004AE8000-memory.dmp

Filesize
32KB

Download
memory/4580-17-0x0000000004AC0000-0x0000000004AC8000-memory.dmp

Filesize
32KB

Download
memory/4580-10-0x0000000004010000-0x0000000004020000-memory.dmp

Filesize
64KB

Download