ffdroider | 1dce5d2a9682c811f7c4dd7e4f4c8f26ba35bba8803efe316aabddafb41c1708 | Triage

Submit
Reports

Overview

overview

Static

static

7

d7eb620404...e3.exe

windows7-x64

d7eb620404...e3.exe

windows10-2004-x64

Sharing

General

Target

d7eb620404874d7f77870f1b1ecaeee3
Size

758KB
Sample

240320-fdypyagh52
MD5

d7eb620404874d7f77870f1b1ecaeee3
SHA1

e281d765ee3facac0140732427c291f1a31d90b4
SHA256

1dce5d2a9682c811f7c4dd7e4f4c8f26ba35bba8803efe316aabddafb41c1708
SHA512

5042740a5f8d650cdce19b07eb45896dac5b76c853a60158b4c09ddbf83f3463ba6789dc93357aad18343add3a84e1e518c9511e0bc1af16ff16966007ad4bb8
SSDEEP

12288:AfZMnJxs7QUxOwR8s3AYxHHu90MnJ33Px1MKU2GLcOPSv8AQv8JyWOOFPDGMi4:AfZMg7QXw2sQYtuHJHpORncOKv8TTWNM

Score

10^/10

ffdroider evasion spyware stealer trojan vmprotect

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d7eb620404874d7f77870f1b1ecaeee3.exe

Resource

win7-20240221-en

ffdroider stealer vmprotect

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7eb620404874d7f77870f1b1ecaeee3.exe

Resource

win10v2004-20240226-en

ffdroider evasion spyware stealer trojan vmprotect

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

ffdroider

C2

http://128.1.32.84

Targets

- Target
  
  d7eb620404874d7f77870f1b1ecaeee3
- Size
  
  758KB
- MD5
  
  d7eb620404874d7f77870f1b1ecaeee3
- SHA1
  
  e281d765ee3facac0140732427c291f1a31d90b4
- SHA256
  
  1dce5d2a9682c811f7c4dd7e4f4c8f26ba35bba8803efe316aabddafb41c1708
- SHA512
  
  5042740a5f8d650cdce19b07eb45896dac5b76c853a60158b4c09ddbf83f3463ba6789dc93357aad18343add3a84e1e518c9511e0bc1af16ff16966007ad4bb8
- SSDEEP
  
  12288:AfZMnJxs7QUxOwR8s3AYxHHu90MnJ33Px1MKU2GLcOPSv8AQv8JyWOOFPDGMi4:AfZMg7QXw2sQYtuHJHpORncOKv8TTWNM
Score

10^/10

ffdroider stealer vmprotect evasion spyware trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ffdroiderstealervmprotect

behavioral2

ffdroiderevasionspywarestealertrojanvmprotect

© 2018-2024

Terms | Privacy