General
Target: 9fc4c09d4cb89762626fce008d9840abb128c99ec3cd1.exe
Size: 429KB
Sample: 210425-3xesc1m6be
MD5: 3fc8fbe821e3958ea65f6c2d27e4fec2
SHA1: fc3d706aaee158ead6974def1fe90f1146bdd853
SHA256: 9fc4c09d4cb89762626fce008d9840abb128c99ec3cd162eed684c67418149d7
SHA512: 09833b5eb5a6976a95bc09f065da70505ae285dcd6d92ed49b2f48b3b7b9583d740743ff518b74fa8cf0e9808d423045eed56f909afde645f1bae815f5d6842b
Static task: static1
Behavioral task: behavioral1
  Sample: 9fc4c09d4cb89762626fce008d9840abb128c99ec3cd1.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 9fc4c09d4cb89762626fce008d9840abb128c99ec3cd1.exe
  Resource: win10v20210410
Malware Config
Extracted: fickerstealer
  sodaandcoke.top:80
Targets
Target: 9fc4c09d4cb89762626fce008d9840abb128c99ec3cd1.exe
Score: 10/10
Signatures:
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext