Overview

overview

10

Static

static

0b54101741...ff.exe

windows7_x64

10

0b54101741...ff.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b5410174129f6dbf798c41730efe2ff.exe

  • Size

    284KB

  • Sample

    210329-567peeqmj6

  • MD5

    0b5410174129f6dbf798c41730efe2ff

  • SHA1

    5a121c20e0b230fb2408286aca5eca9193f62be4

  • SHA256

    a3087f89fde08c1c5c69dd52168abf42d64658abc53d3c094bb886b9942d2f8f

  • SHA512

    2af6619d968b8c875d3f41a403a1d4a543827ece6e26056e9f57c5b5aab041195a7bfca39cfb9e05cd881530810fbb1d4f22ce6b3b79058fe9fc422c148590f0

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

lukkeze.space:80

Targets

    • Target

      0b5410174129f6dbf798c41730efe2ff.exe

    • Size

      284KB

    • MD5

      0b5410174129f6dbf798c41730efe2ff

    • SHA1

      5a121c20e0b230fb2408286aca5eca9193f62be4

    • SHA256

      a3087f89fde08c1c5c69dd52168abf42d64658abc53d3c094bb886b9942d2f8f

    • SHA512

      2af6619d968b8c875d3f41a403a1d4a543827ece6e26056e9f57c5b5aab041195a7bfca39cfb9e05cd881530810fbb1d4f22ce6b3b79058fe9fc422c148590f0

    Score
    10/10
    fickerstealerinfostealer

    • fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks