0b5410174129f6dbf798c41730efe2ff.exe

General
Target

0b5410174129f6dbf798c41730efe2ff.exe

Size

284KB

Sample

210329-567peeqmj6

Score

10/10
MD5

0b5410174129f6dbf798c41730efe2ff

SHA1

5a121c20e0b230fb2408286aca5eca9193f62be4

SHA256

a3087f89fde08c1c5c69dd52168abf42d64658abc53d3c094bb886b9942d2f8f

SHA512

2af6619d968b8c875d3f41a403a1d4a543827ece6e26056e9f57c5b5aab041195a7bfca39cfb9e05cd881530810fbb1d4f22ce6b3b79058fe9fc422c148590f0

Malware Config

Extracted

Family fickerstealer
C2

lukkeze.space:80

Targets

Target

0b5410174129f6dbf798c41730efe2ff.exe
Signatures

  • fickerstealer

    Description

    Ficker is an infostealer written in Rust and ASM.

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10