ffdroider | a4c1df15712b32ba96bfd375ee306f67fa29751007774d06b08cd092e7feeb9a | Triage

Submit
Reports

Overview

overview

Static

static

8

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

1.8MB
Sample

221002-srbhsacce2
MD5

925bd0fe97f5dfd06ba90e824edcc312
SHA1

ff4cbb0d01cade27d26a67f4cfe7c46a9e554b87
SHA256

a4c1df15712b32ba96bfd375ee306f67fa29751007774d06b08cd092e7feeb9a
SHA512

75a6f215c398cd3be4562397baa64e8bb631c52c9d3608aad051390f4cfdef43795ff102a9b7718a4b1450137521dc59699145c8b87e92e85fa748aea41fbc5b
SSDEEP

24576:KvkGHxBMzQo3rsiKYO42mx/RHsG9/DKELiGNNx/D1aR3ugA+IChSAD/v1Xu6rnI4:KvlRGEohleo/RMUrBWwx/5U3uPKSqA

Score

10^/10

ffdroider aspackv2 evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

ffdroider persistence spyware stealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

ffdroider evasion persistence spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

ffdroider

C2

http://103.106.202.174

Targets

- Target
  
  file.exe
- Size
  
  1.8MB
- MD5
  
  925bd0fe97f5dfd06ba90e824edcc312
- SHA1
  
  ff4cbb0d01cade27d26a67f4cfe7c46a9e554b87
- SHA256
  
  a4c1df15712b32ba96bfd375ee306f67fa29751007774d06b08cd092e7feeb9a
- SHA512
  
  75a6f215c398cd3be4562397baa64e8bb631c52c9d3608aad051390f4cfdef43795ff102a9b7718a4b1450137521dc59699145c8b87e92e85fa748aea41fbc5b
- SSDEEP
  
  24576:KvkGHxBMzQo3rsiKYO42mx/RHsG9/DKELiGNNx/D1aR3ugA+IChSAD/v1Xu6rnI4:KvlRGEohleo/RMUrBWwx/5U3uPKSqA
Score

10^/10

ffdroider persistence spyware stealer evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderpersistencespywarestealer

behavioral2

ffdroiderevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy