ffdroider | c167e698769aa0f9119ad3bfc1f463120be75cc35fe13522e24e49107bdc2594 | Triage

Submit
Reports

Overview

overview

Static

static

b45e9e6de2...18.exe

windows7-x64

b45e9e6de2...18.exe

windows10-2004-x64

Sharing

General

Target

b45e9e6de21b7fff593975adc8550779_JaffaCakes118
Size

5.7MB
Sample

240404-k4pbeabf65
MD5

b45e9e6de21b7fff593975adc8550779
SHA1

e333c3797a402b7d4af72db730a85eae21af16a6
SHA256

c167e698769aa0f9119ad3bfc1f463120be75cc35fe13522e24e49107bdc2594
SHA512

652d6dda82f1467ca417e9ff0bc15b560f68e5a269da1e9ff6b217d266d64d949d191986c3106c2bf7ac991acd73e2b26eeb2e5a0d7b154b737238729ec7292d
SSDEEP

98304:i5DUM8pGFeBSycG465AkIV/U0hfZ+wBW+irvQ/qpyr0k+tOYCvOkVCQuYYI+iZ7V:0qpCHDiAn63OYCvOkVCQuI+7NAjtVa/u

Score

10^/10

ffdroider evasion spyware stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe

Resource

win7-20240319-en

ffdroider spyware stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

b45e9e6de21b7fff593975adc8550779_JaffaCakes118.exe

Resource

win10v2004-20240226-en

ffdroider evasion spyware stealer trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

ffdroider

C2

http://186.2.171.3

Targets

- Target
  
  b45e9e6de21b7fff593975adc8550779_JaffaCakes118
- Size
  
  5.7MB
- MD5
  
  b45e9e6de21b7fff593975adc8550779
- SHA1
  
  e333c3797a402b7d4af72db730a85eae21af16a6
- SHA256
  
  c167e698769aa0f9119ad3bfc1f463120be75cc35fe13522e24e49107bdc2594
- SHA512
  
  652d6dda82f1467ca417e9ff0bc15b560f68e5a269da1e9ff6b217d266d64d949d191986c3106c2bf7ac991acd73e2b26eeb2e5a0d7b154b737238729ec7292d
- SSDEEP
  
  98304:i5DUM8pGFeBSycG465AkIV/U0hfZ+wBW+irvQ/qpyr0k+tOYCvOkVCQuYYI+iZ7V:0qpCHDiAn63OYCvOkVCQuI+7NAjtVa/u
Score

10^/10

ffdroider spyware stealer evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ffdroiderspywarestealer

behavioral2

ffdroiderevasionspywarestealertrojan

© 2018-2024

Terms | Privacy