General
-
Target
SecuriteInfo.com.W32.AIDetect.malware1.22079.22854
-
Size
283KB
-
Sample
210328-segdvhfhk6
-
MD5
7eea67caea8c17c85cfb90445f2bd57c
-
SHA1
1f66bd14914b7957bcb4e5c65b021d084dc624cc
-
SHA256
a995e75e37cb38fb000ee2c225b57608677d0272d39faa645b1fe13a873c22bb
-
SHA512
05b226675c70c9c591170a4eadb04eaad575a159eecd965168ac744febcec40032e1112ae61e09c5201a31d4907e924f1427efb440cc87a310ff6f9c22cb3c3c
Malware Config
Extracted
fickerstealer
lukkeze.space:80
Targets
-
-
Target
SecuriteInfo.com.W32.AIDetect.malware1.22079.22854
-
Size
283KB
-
MD5
7eea67caea8c17c85cfb90445f2bd57c
-
SHA1
1f66bd14914b7957bcb4e5c65b021d084dc624cc
-
SHA256
a995e75e37cb38fb000ee2c225b57608677d0272d39faa645b1fe13a873c22bb
-
SHA512
05b226675c70c9c591170a4eadb04eaad575a159eecd965168ac744febcec40032e1112ae61e09c5201a31d4907e924f1427efb440cc87a310ff6f9c22cb3c3c
Score10/10-
fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-