General
-
Target
setup-gridinsoft-fix.exe
-
Size
2.2MB
-
Sample
230927-arkscaee4v
-
MD5
615283dd46e053f99e0ffadb63cf3708
-
SHA1
233b17becb7d784328cc7baa3d5c6f8589ddc079
-
SHA256
c58e9817069ca2da6d5330b911460d74bc66d51419e4a99e489fe392e4a6e7a3
-
SHA512
cbf97d054e0a50f948e7cdb47ad3591161517526cf6a38f2d31dc761c3f214218ce5479bf439d1f3bee9b21e693d29ffb72095071c4295b82c55a52952ce8e39
-
SSDEEP
49152:iWNuVKGn1oSyYDTIwZZWNhPHEWO9HTbxrLklTG0LXvhS/:6VVZYiWO9xrLklTG0LXvhS/
Malware Config
Targets
-
-
Target
setup-gridinsoft-fix.exe
-
Size
2.2MB
-
MD5
615283dd46e053f99e0ffadb63cf3708
-
SHA1
233b17becb7d784328cc7baa3d5c6f8589ddc079
-
SHA256
c58e9817069ca2da6d5330b911460d74bc66d51419e4a99e489fe392e4a6e7a3
-
SHA512
cbf97d054e0a50f948e7cdb47ad3591161517526cf6a38f2d31dc761c3f214218ce5479bf439d1f3bee9b21e693d29ffb72095071c4295b82c55a52952ce8e39
-
SSDEEP
49152:iWNuVKGn1oSyYDTIwZZWNhPHEWO9HTbxrLklTG0LXvhS/:6VVZYiWO9xrLklTG0LXvhS/
Score10/10-
FFDroider
Stealer targeting social media platform users first seen in April 2022.
-
Downloads MZ/PE file
-
Drops file in Drivers directory
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1