General

  • Target: 9fc4c09d4cb89762626fce008d9840abb128c99ec3cd1.exe

  • Size: 429KB

  • Sample: 210425-3xesc1m6be

  • MD5: 3fc8fbe821e3958ea65f6c2d27e4fec2

  • SHA1: fc3d706aaee158ead6974def1fe90f1146bdd853

  • SHA256: 9fc4c09d4cb89762626fce008d9840abb128c99ec3cd162eed684c67418149d7

  • SHA512: 09833b5eb5a6976a95bc09f065da70505ae285dcd6d92ed49b2f48b3b7b9583d740743ff518b74fa8cf0e9808d423045eed56f909afde645f1bae815f5d6842b

Malware Config

Extracted

  • Family: fickerstealer

  • C2: sodaandcoke.top:80

Targets

    • fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks