ffdroider

General

Target

5c21cca8d79a5c46f7f1bd78b222c47a.exe
Size

3.9MB
Sample

220512-hjl97sagf5
MD5

5c21cca8d79a5c46f7f1bd78b222c47a
SHA1

bd249dea8ceb0a4bde6ee336ed2063696b821767
SHA256

5b60d2cb0b63bcd9c7df5873496d119de3f5364ba6eeea8548f20b2940a73ffa
SHA512

1f63c24f59d5508a81e371e8c4ab8f11ce1c61a31fb78ecefdbe3d59d5e62eb281bda61e507642b92f3a897b11b0a3b0dcee3369cb78686097c91c91b08108d7

Score

10^/10

Malware Config

Targets

- Target
  
  5c21cca8d79a5c46f7f1bd78b222c47a.exe
- Size
  
  3.9MB
- MD5
  
  5c21cca8d79a5c46f7f1bd78b222c47a
- SHA1
  
  bd249dea8ceb0a4bde6ee336ed2063696b821767
- SHA256
  
  5b60d2cb0b63bcd9c7df5873496d119de3f5364ba6eeea8548f20b2940a73ffa
- SHA512
  
  1f63c24f59d5508a81e371e8c4ab8f11ce1c61a31fb78ecefdbe3d59d5e62eb281bda61e507642b92f3a897b11b0a3b0dcee3369cb78686097c91c91b08108d7
Score

10^/10

ffdroider spyware stealer suricata evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider Payload
- suricata: ET MALWARE Win32/FFDroider CnC Activity
  suricata: ET MALWARE Win32/FFDroider CnC Activity
  suricata
- suricata: ET MALWARE Win32/FFDroider CnC Activity M2
  suricata: ET MALWARE Win32/FFDroider CnC Activity M2
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

FFDroider Payload

suricata: ET MALWARE Win32/FFDroider CnC Activity

suricata: ET MALWARE Win32/FFDroider CnC Activity M2

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Checks whether UAC is enabled

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2