Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15-04-2024 01:22
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
eff86670294eff00ad9939f819212fe1_JaffaCakes118.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
General
-
Target
eff86670294eff00ad9939f819212fe1_JaffaCakes118.exe
-
Size
954KB
-
MD5
eff86670294eff00ad9939f819212fe1
-
SHA1
d19b908bd145091ad5daacb527f226c6fbd61be0
-
SHA256
011995e4a15b31e09854361d1c1f1024f5c0c2e965ba2892cf0080c586cbf4e7
-
SHA512
f1f81fe38147d390eeaf32b6dfba6b042a935fe4e814694fd0a64ec178248a3d803d0a2b0e64560995c3b6583e0ba062f53bab9b6272200c31d61a60996eedb9
-
SSDEEP
12288:2OArYqQXh4GCSVtwvPhC4wq/qkLdTu3rLS7Q3CkMQbk9s7N1eb6GziPEwkJU56v9:fAmZTwRwoQnQnkJkNFmP0RvbWKvt
Malware Config
Extracted
Family
ffdroider
C2
http://186.2.171.3
Signatures
-
FFDroider payload 2 IoCs
resource yara_rule behavioral1/memory/2584-20-0x0000000000400000-0x000000000063C000-memory.dmp family_ffdroider behavioral1/memory/2584-39-0x0000000000400000-0x000000000063C000-memory.dmp family_ffdroider -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeManageVolumePrivilege 2584 eff86670294eff00ad9939f819212fe1_JaffaCakes118.exe