78fa9719792...fc.exe
windows7-x64
78fa9719792...fc.exe
windows10-2004-x64
7$LOCALAPPD...ds.exe
windows7-x64
7$LOCALAPPD...ds.exe
windows10-2004-x64
7$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
1$PLUGINSDI...ns.dll
windows10-2004-x64
1$PLUGINSDI...ad.dll
windows7-x64
3$PLUGINSDI...ad.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/Time.dll
windows7-x64
3$PLUGINSDIR/Time.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ef.dll
windows7-x64
3$PLUGINSDI...ef.dll
windows10-2004-x64
3$PLUGINSDIR/mt.dll
windows7-x64
1$PLUGINSDIR/mt.dll
windows10-2004-x64
1$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
1FM4ffx.exe
windows7-x64
7FM4ffx.exe
windows10-2004-x64
7$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3Analysis
-
max time kernel
143s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system -
submitted
04/02/2024, 16:49
Behavioral task
behavioral1
Sample
8fa9719792d0704543e239c4546b05fc.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8fa9719792d0704543e239c4546b05fc.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$LOCALAPPDATA/funmoods.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/ExtractDLLEx.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/IEFunctions.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoad.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/Time.dll
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/Time.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/chrmPref.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/mt.dll
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/mt.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
FM4ffx.exe
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
FM4ffx.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
General
-
Target
FM4ffx.exe
-
Size
319KB
-
MD5
fe768a6b82ed2a59c58254eae67b8cf9
-
SHA1
3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
-
SHA256
3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
-
SHA512
3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
-
SSDEEP
6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
pid Process 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe 4580 FM4ffx.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
11KB
MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
10KB
MD5 38977533750fe69979b2c2ac801f96e6
SHA1 74643c30cda909e649722ed0c7f267903558e92a
SHA256 b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35
SHA512 e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53
-
Filesize
5KB
MD5 aac69f856c4540edd4ef7ce6c8571639
SHA1 2860f55ea9774d631219e66604051e90a43258b7
SHA256 6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd
SHA512 ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd
-
Filesize
5KB
MD5 69806691d649ef1c8703fd9e29231d44
SHA1 e2193fcf5b4863605eec2a5eb17bf84c7ac00166
SHA256 ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6
SHA512 5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb
-
Filesize
774B
MD5 1c8929492492a4a6a546d90e36452614
SHA1 ff178d11dc8c4b4613541dcc275c4e617ffc6e8a
SHA256 af9e13c1ecf82469cb02765da7ca884d96f5f7d8bc7e7f9df81f8060c23bfabb
SHA512 c8a0cf29ab884377f8cd186b15cdbf486f45d2593aa9250264e7535af36763e3263aca7233ecc4a2c618c15f550856018ccfc539461a4e16d04d1c1f429cfc6a
-
Filesize
181B
MD5 8cc6452e850a8e1d0339bf2618177e75
SHA1 c6bdd9b8a86b3171ff622b6625bccd419677ff31
SHA256 2c6a66169f4e91de638900a80c295c0ae0ae3c7976e6ff8bb449707a78e3a45d
SHA512 abf38fc2281240c17723b41ca144bc83d4955fa4795febf70edf6819ec47eaad58dd93036f75d4624195e222f5c10dd0e5f7406bc3aed6926776ac7ea8b5b342
-
Filesize
541B
MD5 718e52a1d6be1cc8509b395a8d6a592a
SHA1 91f8f416d21852cad8e70243c9bdfb764b9ece6c
SHA256 7e25cea8f96b5fa6e4fb2476df599d5c4e6864d7215f36f6cb14b2e444861b28
SHA512 744286444d3dd90844c66fe5bba10d7718b9a062d200b9707a4d5dbb46bf6974ba137172841a9ebc72683f591e5cf9ed04b533012d20ca7fcde0c8dd204da984
-
Filesize
597B
MD5 fd6c8feefdc8bfa22cc4ed7e001a1207
SHA1 d7ae2eaf83bd5bc887316e9f0d7cdc28730ebb0f
SHA256 b2403423d8192df692e3303e97e702e5b25833a3fc49b6fcab781e2d285d5586
SHA512 3fa13055bf3187ef811e10fb34b41e4f755e0c1d22c9bf07650bf08707a9d8e7aa01c9971e110e2f12712ab666ba712b27c7be6473805c1ebeef562a21cf3eb6
-
Filesize
347B
MD5 c9f6532768b8ca55799f110a3bdbaf8d
SHA1 b94f312720b55e63e1896998fb6332c3a3547436
SHA256 6f6d9975e2547fbcc45f2975693f03d20fdb4e2f939e60a66bdc5a969fab6f77
SHA512 910b67f863e383efb14c300c76f0bdfbdac3237967c5ce3500c82ddbfb1ac3071dcfb8cdc238468377835ffd347536f3c5239330d0b70d93d60f7c653eae1342
-
Filesize
730B
MD5 30dbc329cdaa4e740e238b940e75c3c0
SHA1 64b71912a7d6f4cfc05fde8944f0c29327418d3f
SHA256 209b38c8ce14f31db12074182829fa2949223b8e10ac4f447fcfe97efbc26068
SHA512 d18c7232829e693256b0d3942111dbe1dcd1fd6c03cf04d9687df4f5290f9755ae71e18c6bd34cdbee3ab63cf7f6120615103b5f54a98a22330bf726486d5194
-
Filesize
486B
MD5 180fd0af453438d2b82e5d360f9ececf
SHA1 3ccefd73decfef7ba9eca3746e2f009d43ddd5d3
SHA256 d1ca34d5cc1f42be9c989c1debb2c3fe65a9b2d4e6a400b47f3350de49b4999f
SHA512 9e80baeba4976dab6a19a56ae4f2aa54846c1494d34cee6f24e0bd2752ccb6b76881ee149364cd14f1a2437fc4a60aca6f060e913bb2dedcc5acd2dbd7a3952f
-
Filesize
1KB
MD5 2d306fb7be8000158ff6be23611b808a
SHA1 2ab36b9240191c41b1edb540b59b160c5e30be3b
SHA256 8d710396991fd7bafa4f13f7c1bf148d09b7254dcf0e1d2d246ccde3da506880
SHA512 eced556e0c340b70a2fec67c174390e959a48df90664b73f6c0c6056b84e7f0647823e73ac9099883c3bc797b790df12e5133d6ff7631e1f72597c1b7ce073bf
-
Filesize
469B
MD5 11dbaf06acb6b146c476005a969bfdeb
SHA1 72d15eb58cf394723198b5e14a9fd2c8629bf516
SHA256 a95d22b584c1f23519ef2b3e9ad4a9c50d81f9249737ef717625125b28588c1a
SHA512 9b4f13d0e5f189c5e4ec955f438096843cfbc1942087c9d010ff42382741a3f4b8adafa3df0b25dd190ee29af5aada69218625873999e5b6f3e694edd03d62bf
-
Filesize
779B
MD5 a29437f9a54b038545c0a4f508f577e3
SHA1 a2a08ca33997a838254d794149227f4976b01b88
SHA256 c5dd85e676ca02cb1ce5b95dd02b7146e8b18fc56df5d9713cc91654d037b678
SHA512 ba0e3a6a7dab51268f6ca0fab1df4ae824c655af8625ab7a46f254bb05ed57a2f4fdf1ccdbbb58afa8842ce9c33fdecd19ba628d774d34e72b65deaf78f77269
-
Filesize
680B
MD5 aa0339921924526249500ab4eb6a1990
SHA1 569fcd45d59bbbb7db89097a57a8f0656fe407da
SHA256 d68c9f1b1c48416c17010a953849c27e7a79694df4be81674946b41c0d11c5a8
SHA512 0d67a07c69441e0856439fa576d7559d446c3b6d6b2e0165d85e01441b9e3d50ae45475de486575584061d403cc16ca73f3efb3439d9d8c53a8b19952de4b3f6
-
Filesize
719B
MD5 56a1503a804744597d77c4a355c70854
SHA1 17ece3d0b331f208bb419e973ece1b32cdcf97ec
SHA256 c95700f0497469b4dd61bbb4ce6d0169ac8b86bc2297e17e884c5a44e4f89506
SHA512 e824d8e49c10bb092c8c9fa94c85fc9352b0df2ec0f826b3163f25566946f9cbb1901965cf2580ebcfedb06e7d70a39614f7cbb369dc74413faaa4eab6fb1b64
-
Filesize
431B
MD5 b1c9d23c622a51406665dc62c01e98e2
SHA1 6d96252d410c62d20ec32f39a872b2edf9e33a69
SHA256 2cc2adbd5a33dd2d2cb2b9d24d671a3ddb930501dc63e386e438c1e7edbb31fa
SHA512 e17d26f914f84ee4644a202337291ef0ff97e8bbc8a68a762233bf98e711b57248785ad7dbf40c6aed91b02ba0bd64c68b7584a935369283b46eaca940051e08
-
Filesize
662B
MD5 5c5d55e1443ef14f519d144431e218ff
SHA1 7558b477709271bfa455be2142c0128bb5d2d126
SHA256 9e8ca55b0f36e2cd9322c77d2a0b0cf6e10b16bcf5d2652bbbf0afda3f6c051c
SHA512 3d151a4eec17341737f0238b94422328a78284a936fd0ce7344797271ed8c0698ddca4ebfae06f8477fc285f8dec800a983411e46b78ba4df28ffda93e189cdb
-
Filesize
930B
MD5 cb57a9d4fa8359b3f1a9286270076d58
SHA1 8ec708f52ec24002eb95d01019a14d2feb99d20d
SHA256 33e71a70b9840e32de0e0370181f40aed64e5cd51328f4c79bca3384b2425e0f
SHA512 ae21c426490e53f203cd2161db758ab4e3d805c0e7304066613f4e27490e2bcb86f062eaf8ad5576a2de59d259e4ab46d818222038ea7821b0c4ae2682c1c252
-
Filesize
980B
MD5 9df8912833d848bba5868b4f6553a278
SHA1 4cc3161616de3f119bdc3903a9ddf91012dedc87
SHA256 71f5ae1f999ac82d7a534f89ed9dceeda047c71d73b2f2b4673792ef16909107
SHA512 6bdc593cecce2d4f01ed07b205122e4643e82f4409b7e2a9b3b0a14b8b68283df6747ed08284391e9f0f134032478deef9ab826cdb07c175e5b7969d3252e349
-
Filesize
412B
MD5 823d0e37e8380caad4df2b7194748ae5
SHA1 c8b68e67fb0ce12c3bf762aa12ca3e8b64354d69
SHA256 6d093ed1cd986fb0de259a8fd3b7636145804f2d881a7bcdda354b59e2e054f3
SHA512 5cd1bb066011bb7103969b1df2d05dfc2c16e2f97e1dd11f601ebb443f1c17abe666294b5ff19e195f59edf82128b645b664c2f15b2020376ee920d88559afb0
-
Filesize
524B
MD5 27802ab75f5e987ea5d9cf13bd57dab5
SHA1 00325cdcaba60d5e9ad16cefabec08de0675c984
SHA256 4b129fe7e22573a89c6ef9ecfc33ec75d4feaca47a27dcf0cc86f72fc2eb1691
SHA512 cafb6e5605c1a59561e607649c23068d9b3303cff6a6c4f99eedd05487c5dd8b4c5b43fe473318dcae4199984c59e0671256e8ec9157789d559287bf22f629e2
-
Filesize
628B
MD5 0e108918b85c38c905422635bfa12943
SHA1 660b35431674cff7c4e0ba8122506675013763f5
SHA256 6512ee79eb3556739c0635808ab7d65b7594d1baaee6b85352b83196a69fd806
SHA512 45c5f1847fdeb80308835da4381c8aa6788eb78d51710c63e1c58915b330319d295af35a91619f78392c2825bb6ce4c7e334ad33a554b4baf1a1beab36822f72
-
Filesize
236B
MD5 4d6dff940b7281903cab136ee933bd12
SHA1 8e29bd0ea6f36deb72e56ef049171fd8196cef02
SHA256 97dcef51fcff72bade73984593e54b357116d39e8645dcd061c4615588a2dcb4
SHA512 29f9ac54dacb9463ae8bb5f9bf795f4ddaefcdc8969485fa9f5134f497a424bc1e5a8ff6833d37f4799dcb024ead27e2f39b08ca0df3eb1598cdde9240be89e1