General

  • Target: 2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2
  • Size: 1.3MB
  • Sample: 230129-zx5r5sec9y
  • MD5: 8827cdc197863cfa6cbadc731540832b
  • SHA1: b96f9125b61a99afb83a6566f7feb11fd97ca305
  • SHA256: 2781b3209b36b385ac125836544fff3394376e5b17812bc0d7f9ea89c997e2c2
  • SHA512: 4f3cb6d7b5025463a1e8087c2e6ffe1e2186b7b18bea5b374894fabd69024cb03a1adb83aae498a826ce4160c226f23934e811f8ae8dc26e2c759ab62dbeb7f9
  • SSDEEP: 24576:ccURbdngEBJKuumfsEOJrpDI6mUfdRiETmqWVS6ZShnakTufpPBnkqrXepgfVYyc:ccURpgmJBr+JVIsdRi/MYBBnky3VRc

Malware Config

Extracted

  • Family: ffdroider
  • C2: http://101.36.107.74

Targets

    • FFDroider

      Stealer targeting social media platform users, first seen in April 2022.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Checks whether UAC is enabled

MITRE ATT&CK Enterprise v6

Tasks