ffdroider | d1260997bc5cd00b88b61cb7adddae0768a3af22fa53e365a78bd528537f2b74 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

3.8MB
Sample

220909-lrmgqaghd9
MD5

31602ebe5470cf625f5d0888fbd9918c
SHA1

361e0bc1d515b4d5edf17339cd4e866e004b6a98
SHA256

d1260997bc5cd00b88b61cb7adddae0768a3af22fa53e365a78bd528537f2b74
SHA512

4c6a99d8413577e0705a9919bb51780f4395c025e20e97d7d7e92201825c2356d3e4d34840090eb052670b973eaa6c37d0a3294d339023d4e08ac3b86ccfca17
SSDEEP

98304:oD9UShZa98B/bLlcHv3s/H9dAtdiplNRH6u7EKuJtbdOCdLewkb2a13QSH:oGShjNlw30fG2N55v

Score

10^/10

ffdroider evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220901-en

ffdroider persistence spyware stealer

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

ffdroider evasion persistence spyware stealer trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

ffdroider

C2

http://103.136.42.153

Targets

- Target
  
  file.exe
- Size
  
  3.8MB
- MD5
  
  31602ebe5470cf625f5d0888fbd9918c
- SHA1
  
  361e0bc1d515b4d5edf17339cd4e866e004b6a98
- SHA256
  
  d1260997bc5cd00b88b61cb7adddae0768a3af22fa53e365a78bd528537f2b74
- SHA512
  
  4c6a99d8413577e0705a9919bb51780f4395c025e20e97d7d7e92201825c2356d3e4d34840090eb052670b973eaa6c37d0a3294d339023d4e08ac3b86ccfca17
- SSDEEP
  
  98304:oD9UShZa98B/bLlcHv3s/H9dAtdiplNRH6u7EKuJtbdOCdLewkb2a13QSH:oGShjNlw30fG2N55v
Score

10^/10

ffdroider persistence spyware stealer evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderpersistencespywarestealer

behavioral2

ffdroiderevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy