ffdroider | 77041a33e4f52b86a78b12d80a21e48ba25e4d4c430090f33ba69a08f12a83a7

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe
Size

973KB
MD5

ecd7365422db60cf4f55f3c6f4ed49bf
SHA1

e4b914e366e854fc076b0faa955d4f52ae6f840d
SHA256

77041a33e4f52b86a78b12d80a21e48ba25e4d4c430090f33ba69a08f12a83a7
SHA512

a6a3b539765c31957564ee166dd8f2539ff4cfb73e76eda3cae1120f15abea410cc735bd8b0e759d69971ed788e58191b8d1c6f18081236aa7a431c8f88b0a24
SSDEEP

24576:UvEEKKedD+iC1ZE3vx/cR/Iqc73+SK+ukOd:+UK2D+DQgI3c3F

Score

10^/10

ffdroider evasion spyware stealer trojan

Malware Config

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider

FFDroider payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/540-5-0x0000000000400000-0x0000000000661000-memory.dmp	family_ffdroider
behavioral2/memory/540-508-0x0000000000400000-0x0000000000661000-memory.dmp	family_ffdroider

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe

description	pid	process
Token: SeManageVolumePrivilege	540	ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe
Token: SeManageVolumePrivilege	540	ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe
Token: SeManageVolumePrivilege	540	ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe
Token: SeManageVolumePrivilege	540	ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe
Token: SeManageVolumePrivilege	540	ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe

C:\Users\Admin\AppData\Local\Temp\ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ecd7365422db60cf4f55f3c6f4ed49bf_JaffaCakes118.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
PID:540

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d
Filesize
14.0MB

MD5
ce10ce8eddececefb91355ba1488a16c

SHA1
270a1da625db6e2840370c3dc1f0146f2ac6dea3

SHA256
51c5fccec1cee4303ee1a3ec9e05b11fe6c4ad7d69c5ffcd80e90a23b8a00883

SHA512
a8db1ae4412faca20e4959eb75371212eecf2fcf67161dc48a9f127078eed4fb10a21dc8d3026bd4008096af87ed32cd6f8716f8b321c905b573ac109af25da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW
Filesize
51KB

MD5
dd7f1043512000c9460f51b5cadf2d43

SHA1
0622bc7eceb73bdafdcde935134e65f2fd5af8b9

SHA256
4c6ada1060a62f79c0eb5183d6318bf3d2a276db72cf09100370f82b7e50182b

SHA512
d20b62ab96dca05e98d0f2ecc1816a5660c468bf0769283fc377ea832ec56037e04e4bf06d07ef68b505460f2bbad6b192c737f22139c19c0b4e266f604515f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
e4350d373f62a63f7639f40615241eb5

SHA1
31a4d527a82bc0599b3f8056f2f348da9dd1ac67

SHA256
44529a464019501673617087f1f37bb12b41328dfaa62dacc6a8284cd5040621

SHA512
f32ad364eb5e9da6e42c20428533373369cf8b5fdf02450cf64be07e66e55714ac50e5a2f19b127cbfd5f4fc3169eed87acf990c4a7c03a0a8f4689666234512

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
1dbd8ef4564704cc1d74738539c21ba0

SHA1
ae7ab20249f97bf320e96d4d1acbd5665002094c

SHA256
2121a09ac2a02df9e683ca2978581482e48ed2451d64f626e8b50d0a7386c523

SHA512
6e55a994c4fd0a9899bfceb4dea1850fd7a8f390f36a06d67064b5885cab160f29fcc176d2c3e7882099ba111c3164db52a9b7397d73ba87d730f55a48796641

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
58f4798e34ada6b074b507b3d697ec12

SHA1
da2680f301130f55bfa15e9976790469241201f4

SHA256
50082b7d9effe7a49910e6c6941643e35d4dd3e6cd2f5fa35aa2153f1ceac8dc

SHA512
016bc8b4f0f89a44845464e725bb75fc7697db47a4b14fb3e65345c76a3cc1f5e81cea4672ad2b2690d56a2e2b72dad373e59f5ef1134b383a4440e6c0f8acd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
6bf1bed1d4122a730f28aed3f48c61cc

SHA1
c099effbb74842146848b59e834677dd6ed1f975

SHA256
4d9757f7771efc14da6fcd552abc1c772e9c7846b3babbc8abf875f667d1b845

SHA512
edfcff80125a9ad5da8e221369b3eab4339e9cdbb46831c03a42aa789ef8426646354c15cf2cc7f6dcf9c73425aa45829442c0238cfbcf9713a86917be0c4434

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
f010d38751bccdd8f9b5785aa3f5ca91

SHA1
94f7d6cc973327fb78526942b3cc579d34fcade8

SHA256
cce5e8a1db39439b03fcbe33c33bdbddb6f3b4f06c0911fcad356c4a876a91e7

SHA512
63b88a0ebaddd9e0e345d48ec11f013fd3fcd789f00f1d3bfe46955e30519b17eef5a61c8aa2f47f27764560e87d105d90b89e9c9414d13e8f7e591ef55c5bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
5622e8a049928610b8f8a58927bec1ea

SHA1
aa102f99bcc3b348fbaf897241dc00000d0893e4

SHA256
78298ffc3fbd8b98d57cc34f24a77e5803b8943fc6f8d4f0b244988a861e27fd

SHA512
c0c14742dbad9d623b60246229302be83b73a193511352392f5f5cf76d00b563b41bbda9356da9826b5aec0eef70fbe1584092d46df840483d85c368ffda8873

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
645717909ad411cee2a53fb4a26f1707

SHA1
42382b916a013380da39663556e35cd0b96cb05b

SHA256
2ca573a632e0f43d2efa08e2a52ffcb4185bd7671aa77c2d4b7c85547fcf2ac4

SHA512
9a0a8528f1c32fbffe5f8dc629e2094220da4fd065b4afedd8694912dc953ae6c7fd586243e4d8edcbb98b3cd422e84b7f43fe09e8253efb69b3d4bf48f4778f

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
876382be31f3e4272d7086c50a9eabd4

SHA1
98d256ffee6aac10d59b6a03d46d39ae530dd6c6

SHA256
6d70233cdd8e1ba194ed8886e4f34f1b5e7bbc0f7ad5affb7b9b8812554a1a88

SHA512
a38238891cef118017ba765a824a624ea6f8db4a5b426cc918f05c62e1c8a6b413cb53e7e0b3b734cf8d622a544913079866eb6084475b45ea98d485105521a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
c130b5b8169a5432f0b320700651af35

SHA1
6c41e35ae78bfa64f54b48992da41cd34b407e20

SHA256
39b7334d46401e90b3c08782cc17efe635c8414d5400904cbdfab8c3096a7b79

SHA512
e220ce2b895de6480eb8a9c4565062396b7bd15e186ffcef69d0413d7957172ef53af4e15d3de6fc7403c75c83dd0153beb497e750a8d500983884da91bcf87a

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
53a16c0282642af1ad099a2272a7fa47

SHA1
84a0d8fc7c8223cd9d4db36c54b76b52ec363af3

SHA256
447260c452d1ff983790894044c265b74ff75f1ad2fdf7c3a69c53c10f1420d1

SHA512
7196b9ef3871f79a7242296fc26927c8794910e8f72b4c4a254877f59af2cd34be36fc7cad667839192a0dfc10bbd46c9f17dac5f5cf80d9df361ec1f9a5c1b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
8020355cf16a5d083c9ef8cbc270836f

SHA1
35f878f895429916dc41f3920a72f6732a87a9b6

SHA256
08395a308965d1df62a164d5c93dd9a57fe07a5679c39d625637efec2c31d0ab

SHA512
f58d8060a5d33c6c40365c8f7dda821b60d4ab47966cb0aca69c7469ad64685156d479d9da02940d4eb4c162336fc239f411a4b177425102fe1e725ec1dcfe0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
a54b50d3e94fdc42ab83fc21a8e12869

SHA1
71e04e1ff2111139d8ec615c12c9c5cdbe863702

SHA256
ca37a9f72212eb3342773b6739f07bed7c4e61043810616cc1c07a49c1094382

SHA512
46a6564ff8db15101cdbde0646e2daa7e65a24b72ae844dd1112ac4c5816e2ab41c77a00ee08192f8d51cdeacccda142b461bf9ab3d91005ccb4c62530708a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
ab256a6a85cd39c42753ee45fab12707

SHA1
1b203de831c7e48a41d533b3e293beeca29bc860

SHA256
11dc4c8378a779818ff2408cf419ea3287893857561f8ed9b7f384ea3da4a29c

SHA512
a3c4181d55b20695668455a49dd9a089dc603af766b98f837e43a09af73f5f68882f217e7bbdd46c094f3e4f2ca936c57db81e0d61c8594238ca50372802d267

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
a212bdc12266e1b78ebab3e92e63937d

SHA1
fad1cca7b802cffae09d738d5163efa694f9c797

SHA256
5301540b9c38f0ad3f89713af8924a77a47e12c7a82b769c8eefb06602a0aee0

SHA512
e2787d2df2280021cb322e1b2c621572aea325f845964cef238efc16d876f78d2d13e1b648ff95b0df1bb2e0f10b3171fa7a37820edb7b0512af9975d6b0b523

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
0ddc3f29ee7183cce5e2711c82d19a5b

SHA1
8d1475100d486b0df3708e246fbe5e970392c61a

SHA256
1c1d75489b0b88900b2e93d1a7f0c7ca3a60bf0c7f81e689a3859bda3cd38a71

SHA512
d7245b0207e56d68b087e5ebf46ef479f1456f1bab156d2a10d92da7bdb30e505e95abe8688b3ec685ce22c2520cec54208ab62b3ca297e96ee7d59c1c1350fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
06d27df5671774f8c70b4f2eb3e5cf56

SHA1
821f3e1ea5b7a21710810bb4b5d0afa49fc4f110

SHA256
f890944c4a0fcfb9ac0e78f13dc0bd5df6b7c0c3b70ec83bbfce00e0a21e8168

SHA512
41339d74e0f7c22b8c49b29671fb34ac85418d7aa5955fca494ea9be952e3400947055848f2b9f91784d905ddc29aea7653ea07a091655852b4359da10f72092

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
11bd8495aee99a738d7ad2676dc925c0

SHA1
4aee5afa132a06264a433254cae3dd52509e4dfe

SHA256
edba98da53f39b378d7aaa840e34f061ad691452664a67f1d04f259c555191ef

SHA512
4958d1e913433832311774be098437af89f77c07e815e836db21b42c66e1fea7293d33f685988fdfbf27eb317afa6f50f02f82cee85e855d48562013dd4d6cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
54290c65ed8740a66ebf8cc3783eed1c

SHA1
3537a0017b871ff0dccba1cd48b2c46157fb7e59

SHA256
565a6ca091eb92235d7ab880c7c03e68145dc61cdaf6a60499333647599ba795

SHA512
6e7268a72c010f0ccc5096c59835e80a1f7a5042f1ca03d228e43bff1f514b608ca373b6b3a64c86b01414c07e6e990dde6579c0c6496a2429f76d1142c460b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
c57dafeab07653a6f2de90780302a49c

SHA1
f0bde6eceff424631db401104568cfd217e8444b

SHA256
8863c79e8817bb734f9a3f7a0e186de780817a422f81aecab9078875d6d7e971

SHA512
9a5d9b9cb4528361c7740d766d45e56be6ec59f31d0859ca7cf272ccf7f855c47186c0ec6752ff9a0daf0fab3cc3e2925a702ecc38fb7f3aaa1ed2f4c08f2432

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
65121829bca5ecc0101d9da9722c34de

SHA1
e48121db9e28f584ce400ad0310dac14e3ab6973

SHA256
21b8bd0ac2041e9ec4b9da5742797888b7b2831de2aa56fe370fe762cabaef58

SHA512
17ceeebb8bc4613fe19a4db476542e76a08604d04d616f51d4c5b6b05404f3935fae21afab7451f3143bbd014c7e72e9e5ea48b994988cbb2921ccf8eae7caf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
cdd68c2ce6d4abad990ad8d3b7c4df0d

SHA1
827f4e9b5d9e58047c2843e50653d4b2c36ad7bd

SHA256
f737f06fe119aa9599a665f86a62e336694c74ccdf77dc558f46a69b9bbc54c3

SHA512
27a0b53b1fa2cee462be8e85a4832fb8976f469b2cad3b9b0e11966ce4306c89413ad7d32b4e3c79b9a9d6f24e44786c51e32efc85a333ee5ef9f629cb30e3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
c5ded91ed37c7a3b9adf79ae20a86b68

SHA1
006a67655cf23c8530928e4f6ffed96075948af8

SHA256
4f5aad069f5d027852da6cdc09b9a0a850dbc770056ecf4674fbc968b9d060a3

SHA512
bc9fa4ba8be2f7b525bf1d256cdb628373c91a7e4137d3155c4de8f5c9071f3c65589b7db2879c2b790e729f80f1bd4d44bf7ca71d424b120b9926c6820f7975

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
76b26e33ef6830660ec55191023ee7ed

SHA1
f2fd41c0d5d0384259763fcc2392eb1dd5b4c94d

SHA256
cb03db1b6fb699d6243173b537ffede784fd4af5a602131e392ca0096a529e63

SHA512
724b7c01f150a3949be54f668bb6e507751e667bddb6635269341fe141f601f0c18057e048db384026d29e9ed1ff94473823aef3b54db696352ec8aae5377ebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
25c42b494cb7879a038c9c3bf456bd68

SHA1
ff4f05b9b6e8823183ec224d6c7575695e58d986

SHA256
308412b45240b0b5ca907b3c45b2334d717c8b66e8e4fc43ef38e8c491f96f9a

SHA512
54af78d2ab74950cf6745ef23b4092429531bdbb2e1177f8e34cae855f885074ecc0bcf278004d39bcfe757b096d4f549c15c1b82ff346758d6fbcbc4d299399

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm
Filesize
16KB

MD5
e73d65a76f8f9b3407667be71d3bad74

SHA1
23d5b6e4ce8fba835c548f251e62bc5965e29f1e

SHA256
764cebbfc38ebf457c8c82c0d5fea68e52cf86d34a7a90e7872fd4e43359f34a

SHA512
8f29060bddf2fe6a483bfe3ee36bba60cb670dd22ba9c22845be1f765b3d66a9ab02627b6c1af5665f61fbecbd6d960401498a9801b8227fcfbe3c3834f2abb2

Download Submit
memory/540-117-0x0000000004890000-0x0000000004898000-memory.dmp

Filesize
32KB

Download
memory/540-0-0x0000000000400000-0x0000000000661000-memory.dmp

Filesize
2.4MB

Download
memory/540-130-0x0000000004ED0000-0x0000000004ED8000-memory.dmp

Filesize
32KB

Download
memory/540-131-0x0000000005180000-0x0000000005188000-memory.dmp

Filesize
32KB

Download
memory/540-132-0x0000000005080000-0x0000000005088000-memory.dmp

Filesize
32KB

Download
memory/540-133-0x0000000004EF0000-0x0000000004EF8000-memory.dmp

Filesize
32KB

Download
memory/540-25-0x0000000004A70000-0x0000000004A78000-memory.dmp

Filesize
32KB

Download
memory/540-146-0x00000000048B0000-0x00000000048B8000-memory.dmp

Filesize
32KB

Download
memory/540-154-0x0000000004EF0000-0x0000000004EF8000-memory.dmp

Filesize
32KB

Download
memory/540-156-0x0000000005020000-0x0000000005028000-memory.dmp

Filesize
32KB

Download
memory/540-23-0x00000000049D0000-0x00000000049D8000-memory.dmp

Filesize
32KB

Download
memory/540-22-0x00000000049B0000-0x00000000049B8000-memory.dmp

Filesize
32KB

Download
memory/540-15-0x0000000003F10000-0x0000000003F20000-memory.dmp

Filesize
64KB

Download
memory/540-9-0x0000000003DB0000-0x0000000003DC0000-memory.dmp

Filesize
64KB

Download
memory/540-5-0x0000000000400000-0x0000000000661000-memory.dmp

Filesize
2.4MB

Download
memory/540-129-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/540-126-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/540-118-0x00000000048B0000-0x00000000048B8000-memory.dmp

Filesize
32KB

Download
memory/540-45-0x00000000049D0000-0x00000000049D8000-memory.dmp

Filesize
32KB

Download
memory/540-28-0x0000000004BB0000-0x0000000004BB8000-memory.dmp

Filesize
32KB

Download
memory/540-29-0x0000000004BD0000-0x0000000004BD8000-memory.dmp

Filesize
32KB

Download
memory/540-78-0x0000000004BE0000-0x0000000004BE8000-memory.dmp

Filesize
32KB

Download
memory/540-76-0x0000000004D10000-0x0000000004D18000-memory.dmp

Filesize
32KB

Download
memory/540-30-0x0000000004E80000-0x0000000004E88000-memory.dmp

Filesize
32KB

Download
memory/540-68-0x00000000049D0000-0x00000000049D8000-memory.dmp

Filesize
32KB

Download
memory/540-31-0x0000000004D80000-0x0000000004D88000-memory.dmp

Filesize
32KB

Download
memory/540-55-0x0000000004D10000-0x0000000004D18000-memory.dmp

Filesize
32KB

Download
memory/540-53-0x0000000004BE0000-0x0000000004BE8000-memory.dmp

Filesize
32KB

Download
memory/540-1-0x00000000001C0000-0x00000000001C3000-memory.dmp

Filesize
12KB

Download
memory/540-32-0x0000000004BE0000-0x0000000004BE8000-memory.dmp

Filesize
32KB

Download
memory/540-508-0x0000000000400000-0x0000000000661000-memory.dmp

Filesize
2.4MB

Download