General

  • Target

    64c86753f97bdb8bc213eeedc601fad6685c03fc6c104be6b8672ed46e51f0dd

  • Size

    1.8MB

  • Sample

    220924-mw1qksbbd3

  • MD5

    29f5eff625ead99d5eb20b2b4304167f

  • SHA1

    a71dfe299a95ba820d8652d16c010da06438ffd7

  • SHA256

    64c86753f97bdb8bc213eeedc601fad6685c03fc6c104be6b8672ed46e51f0dd

  • SHA512

    5aa94399ef2ed26df1131de9bdc5a39ac684cccdf7efb663efefd273c5c9ae230993b9e16ffbc439c92f8d406052eaad18b7bd45dc160d4b0ef88e8069ef4037

  • SSDEEP

    24576:Sx5jJI/ga/ri30am6ZOBCrhfKR6rW6l56J4KmMjz3phXtgx2D1GR3ugA+IChSADm:05j2/SrZbRk6rn5/KZtox25w3uPKSq

Malware Config

Extracted

Family

ffdroider

C2

http://103.106.202.174

Targets

    • FFDroider

      Stealer targeting social media platform users first seen in April 2022.

    • FFDroider payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Adds Run key to start application

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks