General

  • Target

    FFbd.dll

  • Size

    10KB

  • Sample

    240705-fejx6ssgpp

  • MD5

    ff70a29ec9361ec5c5107788dfa3fcb3

  • SHA1

    3a8206eba21c66c2955f970dbb8ceac36dbab917

  • SHA256

    87904f0d8a76ca68a802faa3987df9490b8bd213937c9028afe6089f036a864c

  • SHA512

    3b8b43f54332027a7dd56283a13dd998793a9ca2b32df6d128708e813b01d02ceccf77c4ad23449ad62b0bd5d5aa4fe7123afee6c1aba74d5b86a78833e6a1ee

  • SSDEEP

    192:OECWJBPHhqt33bXvFQWyjOvp/C2j3WzMVft4L:O0hwt3btsj4p/rj3WCfu

Score
8/10

Targets

    • Target

      FFbd.dll

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
