Extracted

• • Target

    7d93101bd09192103d9748210481a27fc9c28204949fe6ecdbd29aaae6d9faad

  • Size

    2.1MB

  • MD5

    47e9985fb2b8c298c60a43cecffc496b

  • SHA1

    346795b32e437593214332389b3f69bf2eb3b80b

  • SHA256

    7d93101bd09192103d9748210481a27fc9c28204949fe6ecdbd29aaae6d9faad

  • SHA512

    180bab97f592572e43219c0a5ee10cdcdeb2f494dab8c569aa22fa976f16afcb50224eb6663e9f20cfb11ad3e7e0c37ff21b1f29e6fd3d110947c96e1f39b763

  • SSDEEP

    49152:BriQhi2pqWhMPME0qw5xY59IvZd6meYps0ZTOQYo7xVv:BuQ02Ta0BrvZd6d30ZKQYw

  Score

  10^/10

  ffdroiderspywarestealerupxevasionpersistencetrojan

  • FFDroider

    Stealer targeting social media platform users first seen in April 2022.

    stealerffdroider

  • FFDroider payload

  • Modifies AppInit DLL entries

    persistence

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2