B7D90C9D14D124A163F5B3476160E1CF.exe

General
Target

B7D90C9D14D124A163F5B3476160E1CF.exe

Size

278KB

Sample

210329-pah4tpcr6a

Score

10/10
MD5

b7d90c9d14d124a163f5b3476160e1cf

SHA1

684e0fc52a883091957f65c0d2ff59fe1499bae4

SHA256

10192ceb4aa066216989c2b83dd3b460f0264d6672f64d1dff2addbe07fb1a5a

SHA512

05be8f906ae6f33ec541a951f3230e0ffcd1f17b9da4bf6e60158bc2ac1c915d5bf2050039672f5cb8479d01e7e7948466e711b574915f35fe109915e8c65ad7

Malware Config

Extracted

Family fickerstealer
C2

deniedfight.com:80

Signatures

  • fickerstealer

    Description

    Ficker is an infostealer written in Rust and ASM.

    Tags

  • Reads local data of messenger clients

    Description

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    Tags

    TTPs

    Data from Local System
    Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    Tags

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System
    Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation