b4bc33cd161129d154933e83c8435f9020e006b3a4f9b7cd05b5e8637dcea4e3

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FM4ffx.exe
Size

319KB
MD5

fe768a6b82ed2a59c58254eae67b8cf9
SHA1

3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
SHA256

3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
SHA512

3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
SSDEEP

6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FM4ffx.exe

C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
"C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse25AF.tmp

Filesize
486B

MD5
c3e62d23b85534145fad9b499899babe

SHA1
4e9e7f85a05ce4405b2cd375e63e708a3b760132

SHA256
1157768faaec4853cd2eaead462a9952f20e7fb68d6bf849bafbf3a80738143b

SHA512
a25a8601d1505e4e7fee98f50b40c2cb00af7d19a4b65d9a602e910b26ce42170fd128402917c3d0d92ca0dbdbdeb531b6ad589a2b8add5019eeae80c0f9ce48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2850.tmp

Filesize
523B

MD5
5e669ec5a7782522bf101113de02a24d

SHA1
660754195f246b6ca199d1144ed1428975519535

SHA256
ff5ccddd4a45abd04245b30a3ea1ac4b5c76697791962f3fed3effa9f44fe72a

SHA512
1b8999850858e426f5efcda35295446cff9a5c45c5ca89c5eb2d57f6cbe898a7eec1fc192ad4b6b59ce562c6719365e3920c52667c472a8d6742abc2591c6150

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst274E.tmp

Filesize
1KB

MD5
682cbc948652e943cfa2ccbbad625ab4

SHA1
bc4727c540db6ba5d9e457cde99b530ce54a0ace

SHA256
28aa3606c7e626073236be668279d7263e7fcaebcc2e1331d6e6e173e33f724c

SHA512
948f644671f4e1330716efe223bd7f8db6b643641cc5a8afc5695b15e5377914c6505686d0cdea5b0fdd4d81198bc13297637c4876c05f116ac2382750fde271

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy258E.tmp

Filesize
431B

MD5
68c7bad79f48ab7514dfdc2f8ddde864

SHA1
3c97a80213d8a5c19f2ec7e2d9af829f55fd86ab

SHA256
bb4f51816c3152b4fb8bd35935ea16242c6febfeec8c4095bfa2506fc94b3097

SHA512
72daa526442ff624329678e27969eb6e1c61ea0eb92ed2f33f88953e488f2c6b5e3d908a04cf4010337e60905ab1be1343c2269ab9ba58b787a8f1978e85da76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy2860.tmp

Filesize
574B

MD5
a6130500d1a549a5daaadc62ebc3aef2

SHA1
8f22f3babb10fba36b2155df378d2326b49b6b30

SHA256
4a91fcf5653b326dde489c15d98d35002958725c8211a27a2c3536a9f7dcbe3a

SHA512
e8c2b519dc897d15677162717139fe06310500821c02f3d1139b98861e631a6eed1d7d4fa9b63b34d4f725531b9f3a6106a1a3c7d05ca4d1cf721b5ce15a1a50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\user.js

Filesize
661B

MD5
c788063c4ddcbc223be9de5ef4104d78

SHA1
16df47cf217c50a78dfa5edbdc118655ffb502c3

SHA256
a215e0d0103c89d9a2c69ec9cd45cf2072dca666c67ef040b58866ccb9360966

SHA512
a39d94d700d90a99fac58b62a68c71e1427e0bf3d16d2219d9733ed81e9a0cf6f66f24f5a8c7be55ef6b76f9a2e480b28a9f2a3dc9d800bb51866be943ddf2ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\user.js

Filesize
824B

MD5
0a7ba6344b3a4878a13d8c7ca5587a48

SHA1
612c01d58f81b4707e98549e51a7fd2e24ce6367

SHA256
026a62190c277fe00b2c59153052e29adb7454ad2548947fdaeecbb8e1b367ce

SHA512
4808bf678b170f9617136298e50c2033499ad80e6387f7200991f13ade8e6fe3cb79c71d807964c96cb7df4070924b647cd48b3b7cc40d56a53c5b75a6af33d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\user.js

Filesize
979B

MD5
b32491d146d2c4e7fe8769dc5fc5e5b2

SHA1
9d261955b2c2cb7cc04ab136e7b64699032e8487

SHA256
c69a73c1df7bacbcb3d94a2ad97091a697d39a3d3d7abfa4bc02596f9eddda0a

SHA512
bf7ff927942e45ab2a12657c0d6154452f2767ae4ad4fa7d961a801797393ba88378a0495f3d9bc830d86c2dda54fed055a447f94a0e39942efa9fa273f2b57a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\user.js

Filesize
468B

MD5
82814809b2a5ba0c43090754a0f8bce9

SHA1
b4facc4e78ef5218e2e73f60f780672eb8b4c470

SHA256
2dfe3eaff0341e7c8cffc46ad6ae02409bf88320903e747a4783301a084c30b6

SHA512
d4a559f15938e1809fd412039c3ca3640265fe36d39e33c0aee15e6cf7eb0533b23a3200c981f297bbc48de20cea47f1c9b90bc664af9531f6e8c1de76d9e988

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\user.js

Filesize
679B

MD5
945df14be3260f9f95ca8427793bb8e7

SHA1
5da158a75c82c1bf67ea75661a62bee4e473be6e

SHA256
9470dc520a9c51eca1e46e73cae898b8a58d351dffc00ee2dbacb7cec467270d

SHA512
78c035a6eeb2501f8268c26d464e76000b4629a637b5532939117557cce748f80f2ddaa9c9e9f89f550736729badde89d82366314c412ad38690a01c8872f6f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\user.js

Filesize
830B

MD5
ed96589bb6f25fe27b552c014aaa0a4b

SHA1
b97f7a51e3ec480e12630c09fb2c22de87a04d3e

SHA256
d89c7b0a8c36d0366d5b2faa863d756219e0808f2267940a0a04125f69c4e023

SHA512
d34a89b8812e362533506cc20c6deeb214f725bdc028531a6c8e0f390b6446439b41bbd4548cbffb6eb96f61f67a75d583723244c91cefa732e78b78af75f776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.default-release\user.js

Filesize
411B

MD5
cb0ca431b81e7e8e86dacfcf30cfcd35

SHA1
1880fa7bc4ff65ee6626742d0ee4d397cb42753a

SHA256
313882fd8c36a9539f70e2ae467f82fe2ec3fe84f4e8d40d4363605a8aa28155

SHA512
94c4ecd20f42292c94b17168aa49f5ceac9e4d9baf8707d3229220bab36a162eb53e42280aa94fa247c8e4e91f301bc952fb6ce17afdfbe57de15b2f727213c3

Download Submit
\Users\Admin\AppData\Local\Temp\nse2473.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nse2473.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
\Users\Admin\AppData\Local\Temp\nse2473.tmp\mt.dll

Filesize
5KB

MD5
aac69f856c4540edd4ef7ce6c8571639

SHA1
2860f55ea9774d631219e66604051e90a43258b7

SHA256
6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

SHA512
ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

Download Submit
\Users\Admin\AppData\Local\Temp\nse2473.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit