c2074e7e73c076707b2bd2723f3576cd2e9395de232b0c76c1857b0b6e01e96c

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FM4ffx.exe
Size

319KB
MD5

fe768a6b82ed2a59c58254eae67b8cf9
SHA1

3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
SHA256

3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
SHA512

3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
SSDEEP

6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe
3028	FM4ffx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FM4ffx.exe

C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
"C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsb6F36.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb6F36.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb6F36.tmp\mt.dll

Filesize
5KB

MD5
aac69f856c4540edd4ef7ce6c8571639

SHA1
2860f55ea9774d631219e66604051e90a43258b7

SHA256
6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

SHA512
ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb6F36.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb6FD7.tmp

Filesize
541B

MD5
d33c81b2e8f0473c0c0c0dd945868b88

SHA1
ed36edf7a5b5cff5e078bd14a8548ac80fdd1d84

SHA256
eed02a921d70386d7a2390da9c774b4ba6df1156ae22dd62a9ddb0505ab0c6b5

SHA512
6ab97998e4bb27b730c8d15a1cdb28f82ab4b83c17386c344bbe7037516a99f8f120f14623411f2ca17fb148a0d14b287cba03c028cd695382d92231b2a83436

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb7028.tmp

Filesize
718B

MD5
0972a02546788b6b28dda262e82418c0

SHA1
7487c7673b8c1d99cbe5d7f9eff4f076bea3c391

SHA256
1177dce7f5ced5405a3e9e8d2d57aef2a758dde2e12ca5fc9ac0facf3c65b1e4

SHA512
6f1360265a071f3a873d6b096e0ac93b59473559f83a27f1b65cf8acd6e3c33c15d92f7776111a921e80509eefc2cf68eaeb9a338c72ab30da755fcf7ff25265

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm70BA.tmp

Filesize
979B

MD5
8f0f1b34c74885554e00b806bbdff89b

SHA1
37ffd5a5310753cafc9634eed0357b19c7431e17

SHA256
357398fdca3a8490c0fb82eb4e88b72472931058f84d5bb30821daf6527af77e

SHA512
07775202b584b829bf381963082ea6c57d93b61786e4184da8ac48ef0844b2181efc16a13a9bd1a0092ef6c87aea69d6dfb974285d708a15d562702f22f3a267

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm71B2.tmp

Filesize
778B

MD5
37db66b240f6adaf623a9e6a09403485

SHA1
71fddfc7d2f090d18f5a6c8235bcdb9324898da8

SHA256
f64098eaa143112e96c8966f7ea135520519a915688580a57e635092ed557027

SHA512
0dd5f3ef2ba9b8faae20c225e5ffdd28c132fc67c51b2555a9fc68ece4c86be23b266ae240e563950ebd1b0d130b10a0d773fa2c4d287ff9c02fc6f24e29c69f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr70DA.tmp

Filesize
1KB

MD5
a2a5c48007f2ac783bb9393e8ffe2ec9

SHA1
89e5bda3492d008abd33409e6ad766926aa68b8a

SHA256
bbe7ba7d0d8303651ef0ccd12427496967e7f75d7cbd8a606766999512e3b614

SHA512
e49bee70874cf2233f0db7fcde486d8efee0ce78147b6b8724dadeae9d90b134e63c561e76238a2f27b1f921ccb4fc3361a0fcee4cf4192e4cd6dd0f43d22b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw70A9.tmp

Filesize
929B

MD5
32dd416dd05b477d9f0346eec6d40d1d

SHA1
e036b744a6703bd63b41596b9ad2d639f322ac5d

SHA256
1eea0a2089fd385face3d585f5db16da78457f6183e33ebbd6ed7467e6b6b414

SHA512
28fd68517a493428254ec4384f511c2b02fedda51933e7cf952534a93049786fff93f81678c27371d87c690175cf54517b04c81f838424d68fe96b3107a4e38b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\user.js

Filesize
597B

MD5
52346db344da6f4400acdb719c5036f2

SHA1
8680b211f7508408f4ffdac14f003ea4f5323834

SHA256
c6ba5c868540ed12dc5c2aa9f3f1c2edf5c60aed23a0843ff280f3fac8d79a37

SHA512
62f7ea510f680f698d777861a7e236439e672cb2f67a2e36693c7ae860ae1613d5cad4a1e6d0c91e244fa693603c61baaeabeb76bb5e5b13287f4074e6d02bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\user.js

Filesize
661B

MD5
16281a0865d51dd3c772c01072487445

SHA1
d899fe5639a25adfccf7670cd0f48e75de46e2c2

SHA256
5ad64eb10aeac43b17c6e590e94dcd419d6ebb68dd8b04a4c12875e4adc3cd02

SHA512
9cf1a34da4412ccec777b456bb77855db6d36a1ded00e6e86b789be17fa7785f87b2d5a6c07fc968a0d7aa1e27cb914d4523c04fced26bcd90265c45f110efb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1asirm1j.Admin\user.js

Filesize
877B

MD5
aea119a3ca1e2e05e7d7655a2265f1bf

SHA1
6d8d0a07da402229227f9dc12652f33cca0c1387

SHA256
4a6b4e7705cab328ae2e78444ef0f125fbc491c23ff2a1df71835e19913f9544

SHA512
d22ebccbcd5875b81e97d69ef82712ad6794084dde9cb8ef8663a931f474330f4ddc277a60225dbf94790cea2932daa0dc513fcd0c1824ffd64e86f581489daf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\user.js

Filesize
468B

MD5
7542640f2f193fda74b9516b11a0ba3c

SHA1
da3eb11718a929574715d4aef108e68cfc5a37ef

SHA256
87182709a593c71af469b4b28fbb15198f514515a5bb0950eb2c20ad895d234b

SHA512
5b64b747eeea189360389c2369a311216a2f7620f163a20fc167e6d97e66dd12ff41814760f61ca1825ed30cb49436bbb8d193109af77dc5687e082b30cb6eb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\user.js

Filesize
679B

MD5
830cb8bfe7280daecad85b0b6140e470

SHA1
8378818e2feb268f9e9ba1c898e9970cc7593245

SHA256
5507adb1937f2bf83a074cb0e1827dd96e62fa19a0eb41fb3a7c07debe284020

SHA512
28a996b33de4afbead1ef9b70e3f7f2068c07f7e88ae31cb04dea105669569e5727281828010641a49078091ba3380dd940444fa695b8a0007ad9aefc045984b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\user.js

Filesize
347B

MD5
0725399e3a8007fe67cd7590989f2322

SHA1
f255f3b3278069d7d9a8fbdd57d37c5f0cb0bfd6

SHA256
2ae5ab5dd1153378c4ff0b240fd8f6ecf297a01d09a3fc73d750102c2cb539cb

SHA512
cc67bf19d5f10983bc86edd009e9a869bb576f5102a6b1e312fc92f9adedf64aa2f7938fbab32c534ecdbee04a8025253290af45d1518e9f675533ac56f02c0a

Download Submit