fickerstealer | a3087f89fde08c1c5c69dd52168abf42d64658abc53d3c094bb886b9942d2f8f

Analysis

Target

0b5410174129f6dbf798c41730efe2ff.exe
Size

284KB
MD5

0b5410174129f6dbf798c41730efe2ff
SHA1

5a121c20e0b230fb2408286aca5eca9193f62be4
SHA256

a3087f89fde08c1c5c69dd52168abf42d64658abc53d3c094bb886b9942d2f8f
SHA512

2af6619d968b8c875d3f41a403a1d4a543827ece6e26056e9f57c5b5aab041195a7bfca39cfb9e05cd881530810fbb1d4f22ce6b3b79058fe9fc422c148590f0

Score

10^/10

Family

fickerstealer

lukkeze.space:80

fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	api.ipify.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1056 set thread context of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28
PID 1056 wrote to memory of 1712	1056	0b5410174129f6dbf798c41730efe2ff.exe	28

C:\Users\Admin\AppData\Local\Temp\0b5410174129f6dbf798c41730efe2ff.exe
"C:\Users\Admin\AppData\Local\Temp\0b5410174129f6dbf798c41730efe2ff.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Users\Admin\AppData\Local\Temp\0b5410174129f6dbf798c41730efe2ff.exe
  "C:\Users\Admin\AppData\Local\Temp\0b5410174129f6dbf798c41730efe2ff.exe"
  2⤵
  PID:1712

memory/1056-2-0x0000000002350000-0x0000000002361000-memory.dmp

Filesize
68KB

Download
memory/1056-3-0x0000000002350000-0x0000000002361000-memory.dmp

Filesize
68KB

Download
memory/1056-7-0x0000000000220000-0x0000000000264000-memory.dmp

Filesize
272KB

Download
memory/1672-9-0x000007FEF5F20000-0x000007FEF619A000-memory.dmp

Filesize
2.5MB

Download
memory/1712-4-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/1712-5-0x0000000000401480-mapping.dmp

Download
memory/1712-6-0x0000000075A61000-0x0000000075A63000-memory.dmp

Filesize
8KB

Download
memory/1712-8-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download