ffdroider | f3b7fabd4845a8b66985ff226742cf65556e0786c6e6fa8bfeb12b2d414ae934 | Triage

Sharing

General

Target

f3b7fabd4845a8b66985ff226742cf65556e0786c6e6fa8bfeb12b2d414ae934
Size

496KB
Sample

220502-sqavvsgab7
MD5

57367798e9217c5383b6d32c8a731a21
SHA1

63c73fb9e162fbc904527ff25d31b10a4ec8f910
SHA256

f3b7fabd4845a8b66985ff226742cf65556e0786c6e6fa8bfeb12b2d414ae934
SHA512

60d0a37744332bb1834ba478f7d669dc8fed6626e77cddb6bfd1b8891b04839ce62260b5dacd936d41cf30476b27ad36182fe9067279edc8ede887a5dcbb44b2

Score

10^/10

ffdroider evasion spyware stealer suricata trojan

Malware Config

Targets

- Target
  
  f3b7fabd4845a8b66985ff226742cf65556e0786c6e6fa8bfeb12b2d414ae934
- Size
  
  496KB
- MD5
  
  57367798e9217c5383b6d32c8a731a21
- SHA1
  
  63c73fb9e162fbc904527ff25d31b10a4ec8f910
- SHA256
  
  f3b7fabd4845a8b66985ff226742cf65556e0786c6e6fa8bfeb12b2d414ae934
- SHA512
  
  60d0a37744332bb1834ba478f7d669dc8fed6626e77cddb6bfd1b8891b04839ce62260b5dacd936d41cf30476b27ad36182fe9067279edc8ede887a5dcbb44b2
Score

10^/10

ffdroider spyware stealer suricata evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- suricata: ET MALWARE Win32/FFDroider CnC Activity M2
  suricata: ET MALWARE Win32/FFDroider CnC Activity M2
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderspywarestealersuricata

behavioral2

ffdroiderevasionspywarestealertrojan