ffdroider | 4e308610174aebba11f6f26ce2270b71d94839c74e3a98ff3840f96e5e6833e9 | Triage

Sharing

General

Target

4e308610174aebba11f6f26ce2270b71d94839c74e3a98ff3840f96e5e6833e9
Size

2.1MB
Sample

240728-hadayasfqj
MD5

424b339088a06a6f2a811e3da303c7ab
SHA1

8d5f878b33a502eefe029bcbd73d96c0030836f3
SHA256

4e308610174aebba11f6f26ce2270b71d94839c74e3a98ff3840f96e5e6833e9
SHA512

b68e565a7f6cdb9bfc83bf23db5fb6492e509f94df486c2c2bc50560e2d49e0b9d501eccf88e5636d77f1d7af9089bf07f3baedf941144a5daf796f33c565b41
SSDEEP

49152:7/ZIHbyg9mU93QPADm7IyqqzIFPmqUkeXNZ7HmQScI+dc:7/ZIeg9mU93NDzEOPNUk6Z7pScTdc

Score

10^/10

ffdroider discovery evasion spyware stealer trojan

Malware Config

Extracted

Family

ffdroider

C2

http://186.2.171.3

Targets

- Target
  
  4e308610174aebba11f6f26ce2270b71d94839c74e3a98ff3840f96e5e6833e9
- Size
  
  2.1MB
- MD5
  
  424b339088a06a6f2a811e3da303c7ab
- SHA1
  
  8d5f878b33a502eefe029bcbd73d96c0030836f3
- SHA256
  
  4e308610174aebba11f6f26ce2270b71d94839c74e3a98ff3840f96e5e6833e9
- SHA512
  
  b68e565a7f6cdb9bfc83bf23db5fb6492e509f94df486c2c2bc50560e2d49e0b9d501eccf88e5636d77f1d7af9089bf07f3baedf941144a5daf796f33c565b41
- SSDEEP
  
  49152:7/ZIHbyg9mU93QPADm7IyqqzIFPmqUkeXNZ7HmQScI+dc:7/ZIeg9mU93NDzEOPNUk6Z7pScTdc
Score

10^/10

ffdroider discovery spyware stealer evasion trojan
- FFDroider
  Stealer targeting social media platform users first seen in April 2022.
  stealer ffdroider
- FFDroider payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ffdroiderdiscoveryspywarestealer

behavioral2

ffdroiderdiscoveryevasionspywarestealertrojan