ffdroider | 8e3d48148237679d6cdce75b7956121029723aefd3474dea2dd85185fe46ade5 | Triage

Sharing

General

Target

8e3d48148237679d6cdce75b7956121029723aefd3474dea2dd85185fe46ade5
Size

1.7MB
Sample

231126-rdsdpshg87
MD5

7e2ccd4dc2823dd85c12a5f85724f2cd
SHA1

c0be781d4f6b537ba955395bf2240d90ef9759a1
SHA256

8e3d48148237679d6cdce75b7956121029723aefd3474dea2dd85185fe46ade5
SHA512

92ad3e178c3eef1772c5dc92a65908f6db2aaa602080153c0e5272391a5ebfbbe4608374c5196fa674fe1b60c287f2217a8907e9a23aa2629b26fc9963093851
SSDEEP

24576:dYianUR2jR97bUyvK3H1S0vfs2tPwHtnKCKKITko7kGuap0D93MwjBiUNDI4rL:XaXR97bEVSsfsfHtnKCKJz7vRkXjBv

Score

10^/10

ffdroider evasion persistence spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

C2

http://45.43.62.216

Targets

- Target
  
  8e3d48148237679d6cdce75b7956121029723aefd3474dea2dd85185fe46ade5
- Size
  
  1.7MB
- MD5
  
  7e2ccd4dc2823dd85c12a5f85724f2cd
- SHA1
  
  c0be781d4f6b537ba955395bf2240d90ef9759a1
- SHA256
  
  8e3d48148237679d6cdce75b7956121029723aefd3474dea2dd85185fe46ade5
- SHA512
  
  92ad3e178c3eef1772c5dc92a65908f6db2aaa602080153c0e5272391a5ebfbbe4608374c5196fa674fe1b60c287f2217a8907e9a23aa2629b26fc9963093851
- SSDEEP
  
  24576:dYianUR2jR97bUyvK3H1S0vfs2tPwHtnKCKKITko7kGuap0D93MwjBiUNDI4rL:XaXR97bEVSsfsfHtnKCKJz7vRkXjBv
Score

10^/10

ffdroider persistence spyware stealer evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderpersistencespywarestealer

behavioral2

ffdroiderevasionpersistencespywarestealertrojan