ffdroider | 89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a | Triage

Submit
Reports

Overview

overview

Static

static

0b7d3217ae...05.exe

windows7-x64

0b7d3217ae...05.exe

windows10-2004-x64

Sharing

General

Target

0b7d3217ae50a0433b3a96494d089e05.exe
Size

1.1MB
Sample

221008-ld6y7seec4
MD5

0b7d3217ae50a0433b3a96494d089e05
SHA1

012822d29e1ec200b9cf23e10cb0d8a380ec4da6
SHA256

89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a
SHA512

14a2558b3b56fa9f0f1c31dfe2d65cb5b2574c72f16240b94a642be738d1df49d212ebd94a2440aa8c32ba99d2c5876b632a69027615021f2a5bcc552b8d0888
SSDEEP

24576:6AbXH84DRnKCwyElWCAMmKix1x1IDStOX2cBZ8umx7QgbcxWsG2Emy:DL8uokzK6DxcD8uqzbcxWX/my

Score

10^/10

ffdroider neshta aspackv2 persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0b7d3217ae50a0433b3a96494d089e05.exe

Resource

win7-20220812-en

ffdroider neshta aspackv2 persistence spyware stealer

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

0b7d3217ae50a0433b3a96494d089e05.exe

Resource

win10v2004-20220812-en

ffdroider neshta aspackv2 persistence spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

ffdroider

C2

http://103.136.42.153

Targets

- Target
  
  0b7d3217ae50a0433b3a96494d089e05.exe
- Size
  
  1.1MB
- MD5
  
  0b7d3217ae50a0433b3a96494d089e05
- SHA1
  
  012822d29e1ec200b9cf23e10cb0d8a380ec4da6
- SHA256
  
  89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a
- SHA512
  
  14a2558b3b56fa9f0f1c31dfe2d65cb5b2574c72f16240b94a642be738d1df49d212ebd94a2440aa8c32ba99d2c5876b632a69027615021f2a5bcc552b8d0888
- SSDEEP
  
  24576:6AbXH84DRnKCwyElWCAMmKix1x1IDStOX2cBZ8umx7QgbcxWsG2Emy:DL8uokzK6DxcD8uqzbcxWX/my
Score

10^/10

ffdroider neshta aspackv2 persistence spyware stealer
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderneshtaaspackv2persistencespywarestealer

behavioral2

ffdroiderneshtaaspackv2persistencespywarestealer

© 2018-2025

Terms | Privacy