win.fdmtp

FDMTP

Actor(s): MUSTANG PANDA


FDMTP is a .NET downloader attributed to Earth Preta (tracked here as MUSTANG PANDA) and documented by Trend Micro in 2024 (see the reference below). It is a simple malware downloader built on the TouchSocket networking framework and communicates with its controller over that framework's Duplex Message Transport Protocol (DMTP). In one campaign the operators embedded FDMTP in the data section of a DLL that is launched through DLL side-loading, so the downloader itself never has to be written to disk as a standalone executable. The embedded network configuration is obfuscated to hinder static analysis and detection, using a combination of Base64 encoding and DES encryption, so the C2 endpoint is not visible as a plaintext string. FDMTP has been observed serving as a secondary command-and-control channel, typically deployed by the PUBLOAD backdoor.
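The following is an added example, not code from the page, from Trend Micro, or from the malware itself. It shows the Base64-plus-DES layering described above as an analyst would reimplement it to recover a configuration blob from a sample. The page does not state the DES mode, the padding scheme, the layering order, or the key material, so the example assumes DES-CBC with PKCS#7 padding, DES applied first and Base64 applied on the outside, and uses a hypothetical key and IV (`hypotheticalKey`, `hypotheticalIV`) and a constructed configuration string; when working a real sample, replace those with the values recovered from the binary and check the mode against the decryption routine.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"encoding/base64"
	"errors"
	"fmt"
)

// hypotheticalKey and hypotheticalIV stand in for the hard-coded key material a
// real sample would carry. They are assumptions for this example only; the page
// gives no key, IV, or mode.
var (
	hypotheticalKey = []byte("8byteKey") // DES keys are exactly 8 bytes
	hypotheticalIV  = []byte("8byteIV!") // DES block size is 8 bytes
)

// pkcs7Pad pads data up to a multiple of blockSize (8 for DES).
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(data, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips PKCS#7 padding and rejects malformed padding instead of
// silently returning garbage, which is what a wrong key usually produces.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("length is not a multiple of the block size")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) {
		return nil, errors.New("invalid padding length")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errors.New("invalid padding bytes")
		}
	}
	return data[:len(data)-n], nil
}

// EncodeConfig applies DES-CBC and then Base64. It exists only so the example
// can build its own constructed sample; an analyst normally needs DecodeConfig.
func EncodeConfig(plain string, key, iv []byte) (string, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return "", err
	}
	padded := pkcs7Pad([]byte(plain), block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return base64.StdEncoding.EncodeToString(out), nil
}

// DecodeConfig reverses the layering: Base64-decode, DES-CBC decrypt, unpad.
func DecodeConfig(encoded string, key, iv []byte) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", fmt.Errorf("base64: %w", err)
	}
	block, err := des.NewCipher(key)
	if err != nil {
		return "", err
	}
	if len(raw)%block.BlockSize() != 0 {
		return "", errors.New("ciphertext length is not a multiple of the DES block size")
	}
	out := make([]byte, len(raw))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, raw)
	plain, err := pkcs7Unpad(out, block.BlockSize())
	if err != nil {
		return "", fmt.Errorf("wrong key/IV or corrupt config: %w", err)
	}
	return string(plain), nil
}

func main() {
	// Constructed configuration string; not taken from any real FDMTP sample.
	sample := "host=192.0.2.10;port=7789"
	enc, err := EncodeConfig(sample, hypotheticalKey, hypotheticalIV)
	if err != nil {
		panic(err)
	}
	dec, err := DecodeConfig(enc, hypotheticalKey, hypotheticalIV)
	if err != nil {
		panic(err)
	}
	fmt.Println("encoded:", enc)
	fmt.Println("decoded:", dec)
}
```

Because DES is deterministic and the key is fixed in the binary, the Base64 blob is the same across samples that share a configuration; that makes the encoded string itself a usable static indicator even before the key is recovered, while the decoded host and port feed network detection.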

References
2024-09-24, Trend Micro, Lenart Bermejo, Sunny Lu, Ted Lee:
Earth Preta Evolves its Attacks with New Malware and Strategies

There is no YARA signature yet.