ffdroider | 297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139

General

Target

297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe
Size

516KB
MD5

d670626739baf01bc1b0ed219bee29ff
SHA1

d2995225df8c46db702c48597ad4e7a1d5189100
SHA256

297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139
SHA512

1aac5f82ad2c547716a424c8b6eb0efb52416bef210216b7eec0518f55ff56499dab7d9cf47bcd36dfe356f7205580ed8a3e9d4c0c4b084892af252dfff28cee

Score

10^/10

ffdroider evasion spyware stealer trojan

Malware Config

Signatures

FFDroider
Stealer targeting social media platform users first seen in April 2022.
stealer ffdroider
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2304	297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe
Token: SeManageVolumePrivilege	2304	297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe

C:\Users\Admin\AppData\Local\Temp\297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe
"C:\Users\Admin\AppData\Local\Temp\297930caf876d051c683fbb9060a897095bc348f8721b69b8cf3d6542692a139.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
PID:2304

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-130-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/2304-131-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/2304-137-0x00000000036D0000-0x00000000036E0000-memory.dmp

Filesize
64KB

Download
memory/2304-144-0x00000000041C0000-0x00000000041C8000-memory.dmp

Filesize
32KB

Download
memory/2304-143-0x00000000041A0000-0x00000000041A8000-memory.dmp

Filesize
32KB

Download
memory/2304-145-0x0000000004260000-0x0000000004268000-memory.dmp

Filesize
32KB

Download
memory/2304-146-0x00000000044F0000-0x00000000044F8000-memory.dmp

Filesize
32KB

Download
memory/2304-147-0x0000000004510000-0x0000000004518000-memory.dmp

Filesize
32KB

Download
memory/2304-148-0x00000000048B0000-0x00000000048B8000-memory.dmp

Filesize
32KB

Download
memory/2304-149-0x00000000047B0000-0x00000000047B8000-memory.dmp

Filesize
32KB

Download
memory/2304-150-0x0000000004620000-0x0000000004628000-memory.dmp

Filesize
32KB

Download
memory/2304-151-0x00000000041C0000-0x00000000041C8000-memory.dmp

Filesize
32KB

Download
memory/2304-152-0x0000000004620000-0x0000000004628000-memory.dmp

Filesize
32KB

Download
memory/2304-153-0x0000000004750000-0x0000000004758000-memory.dmp

Filesize
32KB

Download
memory/2304-154-0x00000000041C0000-0x00000000041C8000-memory.dmp

Filesize
32KB

Download
memory/2304-155-0x0000000004750000-0x0000000004758000-memory.dmp

Filesize
32KB

Download
memory/2304-156-0x0000000004620000-0x0000000004628000-memory.dmp

Filesize
32KB

Download
memory/2304-183-0x0000000004140000-0x0000000004148000-memory.dmp

Filesize
32KB

Download
memory/2304-184-0x0000000004140000-0x0000000004148000-memory.dmp

Filesize
32KB

Download
memory/2304-185-0x00000000042C0000-0x00000000042C8000-memory.dmp

Filesize
32KB

Download
memory/2304-186-0x0000000004370000-0x0000000004378000-memory.dmp

Filesize
32KB

Download
memory/2304-187-0x0000000004380000-0x0000000004388000-memory.dmp

Filesize
32KB

Download
memory/2304-188-0x00000000042E0000-0x00000000042E8000-memory.dmp

Filesize
32KB

Download
memory/2304-190-0x00000000042E0000-0x00000000042E8000-memory.dmp

Filesize
32KB

Download
memory/2304-204-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download

Analysis

Sharing