ffdroider | ed910f69a3915b98dc54e78a25604f22203832fe15befbe7c9353a9227c91550 | Triage

Submit
Reports

Overview

overview

Static

static

89609c41c0...2a.exe

windows7-x64

89609c41c0...2a.exe

windows10-2004-x64

Sharing

General

Target

89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a.zip
Size

1.1MB
Sample

221008-n5mezsefg5
MD5

1234afbc57b494202b48b598cfc72604
SHA1

8c6aa2bbdf71c4f4d7878bbbd5ddb33495b3e0f0
SHA256

ed910f69a3915b98dc54e78a25604f22203832fe15befbe7c9353a9227c91550
SHA512

0de3d71be1d0db9d64339a805bb1a910a9eb4110716c64f200e98412dbd9a48d8b13c01c0e09b06df799fb2fa9ed11fc87400aabafdcb00fb0ae55cdd59641e2
SSDEEP

24576:K7COFtoSYCLt86JkDJI9766g272ucoMamxQV30I7q8ZIDjJRYanqh6Zoy:K7COKX6elI97J2uLMamKV30Gq8Z0jjnX

Score

10^/10

ffdroider neshta aspackv2 persistence spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a.exe

Resource

win7-20220901-en

ffdroider neshta aspackv2 persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a.exe

Resource

win10v2004-20220812-en

ffdroider neshta aspackv2 persistence spyware stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

ffdroider

C2

http://103.136.42.153

Targets

- Target
  
  89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a.exe
- Size
  
  1.1MB
- MD5
  
  0b7d3217ae50a0433b3a96494d089e05
- SHA1
  
  012822d29e1ec200b9cf23e10cb0d8a380ec4da6
- SHA256
  
  89609c41c0c13302695dec877a6863737243e22b414740e0595f62a0c4d1362a
- SHA512
  
  14a2558b3b56fa9f0f1c31dfe2d65cb5b2574c72f16240b94a642be738d1df49d212ebd94a2440aa8c32ba99d2c5876b632a69027615021f2a5bcc552b8d0888
- SSDEEP
  
  24576:6AbXH84DRnKCwyElWCAMmKix1x1IDStOX2cBZ8umx7QgbcxWsG2Emy:DL8uokzK6DxcD8uqzbcxWX/my
Score

10^/10

ffdroider neshta aspackv2 persistence spyware stealer
- Detect Neshta payload
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderneshtaaspackv2persistencespywarestealer

behavioral2

ffdroiderneshtaaspackv2persistencespywarestealer

© 2018-2025

Terms | Privacy