General

  • Target: 5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b
  • Size: 1.8MB
  • Sample: 220801-fn5agacacm
  • MD5: e101086987595cde7a1439641814d5cf
  • SHA1: f7b1b3bd0a933be4adbca78d6938d6dfac90de77
  • SHA256: 5ce27f724cff5f6f4558ec61f2f328df7fbe8905ac032e461358b9a4a1acb34b
  • SHA512: 216b33d61872fe0ae7c93e1329fa55e369edcffc49be54b7e079edc09ccfd7d7c680c5a2bfdf81008bae666e44b62a3aeca5884ea4d4ea49afc470b8da5f71cd
  • SSDEEP: 49152:oiVOqL26YVweCqo0oKPB803g0Bk+QqX0NmXqxq:ocfrqo5KPB203XgM

Malware Config (extracted)

  • Family: ffdroider
  • C2: http://152.32.228.19

Targets

    • FFDroider: Stealer targeting social media platform users, first seen in April 2022.
    • FFDroider payload
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
    • Checks whether UAC is enabled

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                       Count  ID
  Credential Access   Credentials in Files            1      T1081
  Discovery           System Information Discovery    1      T1082
  Collection          Data from Local System          1      T1005
