ffdroider | 01b6cc40ce1ce6611be95ae1789fc6cfeef9cd7d1790bec437df56c54e1de42a | Triage

Sharing

General

Target

a651eb4302692615d55758345f634f96
Size

945KB
Sample

240226-pdcl5sdc39
MD5

a651eb4302692615d55758345f634f96
SHA1

e01b65b9d6779eab784918286fdc29339338e181
SHA256

01b6cc40ce1ce6611be95ae1789fc6cfeef9cd7d1790bec437df56c54e1de42a
SHA512

d4b0075c89660591073e3f5ea82eaf080369f48e0b1f2b69410120f555e21f5c0a1e9f0bf6709a70370801cc3645b9bb44b5c9b68932945370164e81d84cd30b
SSDEEP

24576:dcLciIlEHnNpkzmOEAEBFO9PROHx9zN45hjsz9ReVmb+h:dcXIlqLkCOFEBFmPy9B45hjTVG8

Score

10^/10

ffdroider evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

C2

http://186.2.171.3

Targets

- Target
  
  a651eb4302692615d55758345f634f96
- Size
  
  945KB
- MD5
  
  a651eb4302692615d55758345f634f96
- SHA1
  
  e01b65b9d6779eab784918286fdc29339338e181
- SHA256
  
  01b6cc40ce1ce6611be95ae1789fc6cfeef9cd7d1790bec437df56c54e1de42a
- SHA512
  
  d4b0075c89660591073e3f5ea82eaf080369f48e0b1f2b69410120f555e21f5c0a1e9f0bf6709a70370801cc3645b9bb44b5c9b68932945370164e81d84cd30b
- SSDEEP
  
  24576:dcLciIlEHnNpkzmOEAEBFO9PROHx9zN45hjsz9ReVmb+h:dcXIlqLkCOFEBFmPy9B45hjTVG8
Score

10^/10

ffdroider spyware stealer evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderspywarestealer

behavioral2

ffdroiderevasionspywarestealertrojan