b4bc33cd161129d154933e83c8435f9020e006b3a4f9b7cd05b5e8637dcea4e3

Analysis

max time kernel
95s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2025 02:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FM4ffx.exe
Size

319KB
MD5

fe768a6b82ed2a59c58254eae67b8cf9
SHA1

3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6
SHA256

3ac3c700060a0487060724f3fd22faf70d5f633e69401641964d7ba4d6e6e570
SHA512

3d8caadc61ea127bd0e3d01f35274a2ebfa34a0ac12b0932988300d011347f74a09c2bf3c85e58bfbe5200288c6e6f100b4f08916d23e56d7b52a70130aad14b
SSDEEP

6144:Ve34G2ct7JdUwA2UL4iCPfAHfWpR+0BmiBEaiXLoyX:Et9BHjAupYMmyk7R

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Loads dropped DLL 64 IoCs

pid	Process
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe
3056	FM4ffx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FM4ffx.exe

C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe
"C:\Users\Admin\AppData\Local\Temp\FM4ffx.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsa8718.tmp

Filesize
541B

MD5
98bae79d5c936406cb766467665aa5d5

SHA1
1a9a746975c2a7b96a0a733876007a5f7056c067

SHA256
716917ac48697a0e46e80e11becd6ed42672fc1e4b333d1e8c85c211cdea1d18

SHA512
5e01d9cf08299827f4c8c150d7b29c5d08ca6231717aaf7afbc63cbad274e5ab55c6114776d013e2aa4e53f38e957816e0adf9a33868f95d35cff6a55b4a846f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf85FA.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf85FA.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf85FA.tmp\mt.dll

Filesize
5KB

MD5
aac69f856c4540edd4ef7ce6c8571639

SHA1
2860f55ea9774d631219e66604051e90a43258b7

SHA256
6dc2644a389feeef9e0ac65e2c8b01fc18ca6e53b253f10efffcb117e0a852dd

SHA512
ebacc8117c44d298ae519705510285c576932761b3c7b697eeb91cb7620150ebe551102d1ab83d68f4c78e1496b191a55ad8f78c491f5b4af456c4de6ad72dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf85FA.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf86E8.tmp

Filesize
486B

MD5
1f34673dd54e61d544a6ca30359a12a1

SHA1
422df49f9802401d1107a8b473e4d7c2103a5294

SHA256
7a50528386271fc30fe999d1fdc00c69efae488ec2261176f7276014445617e5

SHA512
ae28d2585c4e8ce12fcf8a884abfeb2bec7d24041ad29e9c7769078664726a85d80010ae2eff2aac624ccda19ffcc1bd159e95f3290a0fcf81332967e4bfe33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk86B8.tmp

Filesize
431B

MD5
d171e78a21cd6e278eaa1fe595795163

SHA1
b65fa9587e71c50813bb350a96c9edfd640b11f4

SHA256
ed3ff13987aa31b07a908945f1c562a64509a7216a818d750e9a7ece1f016f96

SHA512
ebc281f77c3fd50ec35933ecb682da713b49dcd249dc70f68f57d1b4c73931a8fd663380e85f59bdf44378bfb221954f265f6c0348f26d9d2233d32b92a92c6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq8779.tmp

Filesize
718B

MD5
2b1efe1964a4fb636907ba46525dfa76

SHA1
e83c0afc72054742964179f14d58e07cbbebc455

SHA256
813e00d6600bdb79dadb27be7b685fdc134802ae4ffcc7d4439572599e351f28

SHA512
dcc3ebfd7784f59606e499d51553e4a89c110210589c518dc711ac3fd10e5bed8c0dd02de5e2fd002a7a69231da80b9cb858ba7ebe1d1a60cd23e9d61b7b6640

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq8910.tmp

Filesize
679B

MD5
93aff1bd699499744694eac4076fe579

SHA1
b352a79463ec510e306747cfb32b25fd863cb9eb

SHA256
bf0bf3e7fb734b8eed3589d8dd9d282d42ed39a28f3f93b026d3729269d3f6ae

SHA512
8c0f55efa7284daaabf3d9e2f1917bbb24e0ebb1d613985db5bbcac81ae5293e8b659944e549cf388592aee6b30f6590b9f4eadcc544488b765365dc89c74685

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv88DF.tmp

Filesize
574B

MD5
9c20325af8d2891f68e757af1bc0d926

SHA1
1957bd5f420f09b1b9c31a4cd12aedf36f834e77

SHA256
4899a5de45c610c5bc295496e3248b3bfdcc023d1815f8d1822e4fdf03db347a

SHA512
7c03f4b5071a24fa4923fa789ce2d50eaf8cd057dd0b0b352292505f779894329ce49ebd3658a629f3bfe9002b0e958387acf393ca4ef147c34a773332577477

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw8932.tmp

Filesize
778B

MD5
f5b3797155bf1f16058debda0d2ac21d

SHA1
7a6ad8c1561c56b22e2e1eefa36fbbaa9d0f3e33

SHA256
a3d1016e4fd22e6ce93df52328f20d3c9940e4a7f445ab8770ae18bec368ea92

SHA512
8f498a5ffbd4aefd7069a4927056412233772baa9df6e1c9254fe641b8b219d1f957d283c66f6ce734ed6dd8df5797f4e75d5c822849d2a30ba2c5210dff1754

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1ckv2sw8.Admin\user.js

Filesize
661B

MD5
0d95d2724866654dced91ce1dbe61faa

SHA1
cae1c93c8d495345ec2aae21cb78c4764de09558

SHA256
9390d7000f81a328ef2481c0748ab7778fcd4a0e51ac4b9fbf1ba927ec34d4ca

SHA512
8e301624491bd91bdbeb9c4f2242d3f78484d2b5f3c6a8641f72b8e5dee354eedd044037c12d0d56b51d9c9419e5ede565e985f931de1a4e72f4d5871c6c58f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1ckv2sw8.Admin\user.js

Filesize
929B

MD5
bdacf1951d91bd85e34d7426aaf2161b

SHA1
653d7079c850dc5688ff3742dea31fac967033c5

SHA256
bd684a365effc4cb3c90da2ac02b6ac98f44fd57c532b28d467885080487b76a

SHA512
992d1bb9d2298297c3cfd6d0f6a2a773d1394c52b67887def91fe89c6f87be6bbb499a8480c5a8f8095cb22f2354c480ffe8c8eb4633872daa9a86f678de62e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1ckv2sw8.Admin\user.js

Filesize
1KB

MD5
8207531100011f55712a679479c6b128

SHA1
5ce13b52e2a1db4a0eca9814384feee893661dec

SHA256
786b34e61bd939d9d9982292eec8bbd55ea173eb0d2413c048c7eac4e4568aa1

SHA512
2fd53e7681e941bd574620535579977361d49aa31d3ce56d36ac11ff7ae363440966eb6e497d2d1024c4b29e41a229116ce794c18a0c6455749c3e5d528bc636

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\user.js

Filesize
523B

MD5
4af27603f522799f633d607cf7ac2bf5

SHA1
7beb058116a5080f4f62f403ee9987863ba8d4e6

SHA256
0744849947b76c143cb727b0ef966c38983c45bf33deccc5feef53df25a469a0

SHA512
e8cc2dab87281ec0c2c7fd003139a4dae9c47d75d100676d3f43d0958d2d96aca7140538a467fb4856ce8965cf89efdf32c5482519784e5cd7e093418967873a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\user.js

Filesize
627B

MD5
63ca0f1ee2d52e5b8aacfb33dd15a355

SHA1
afaaac0addd394983ebd84063db23ce50b3e357d

SHA256
849806f8081703f1be45d6f0a7edd56c7d91e3978a73084b439081542fedcd09

SHA512
b9a0e6f80f96b306f4fccb547c2ea6821a24540d148d18bf4eabea850d1cb3cb8bbb92885a57b424ecf97bd78bf1932cc8e22e5aed8e02e4b4afa4b4e7a62187

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\user.js

Filesize
291B

MD5
15d195c2e7415726c79ed9da0f223933

SHA1
be35ed571f95b7a6edd33da2f0d8029dd3d5365c

SHA256
67edf7ffb93d4af8894f6d89fecf1b923a1e619c25fd5ebb62a23a7b58b64352

SHA512
eb785b33d418ea6b0fca44f04269e82f4f71edace1ea1291dbeda1b799272b03d4b8e79e6ce0549f27df1eda39c83525289b36d7720bbafd140753b3fc1ff2c7

Download Submit