General

  • Target: 1957bacb_by_Libranalysis
  • Size: 493KB
  • Sample: 210425-jhmt67dhzn
  • MD5: 1957bacb18265b82190edd667f8dc6ad
  • SHA1: f623b03d95728cee0908de1cfefe9b39005c1a6b
  • SHA256: a0d642de3cf9fc87200f8fd6cd9f600fd4a96ef7fc5c0c8cef94790ca8b489fb
  • SHA512: 810b4a01dfa1b8e0c620bf223d0c433f64a6153d1068acc0d75073761de5b83e93099f4d8f8d29f5b84fc71ac8743dad53182f2b4cac2c86790e1d866fb4b686

Malware Config

Extracted

  • Family: fickerstealer
  • C2: 45.93.201.181:80

Targets

    • Target: 1957bacb_by_Libranalysis
    • Size: 493KB
    • MD5: 1957bacb18265b82190edd667f8dc6ad
    • SHA1: f623b03d95728cee0908de1cfefe9b39005c1a6b
    • SHA256: a0d642de3cf9fc87200f8fd6cd9f600fd4a96ef7fc5c0c8cef94790ca8b489fb
    • SHA512: 810b4a01dfa1b8e0c620bf223d0c433f64a6153d1068acc0d75073761de5b83e93099f4d8f8d29f5b84fc71ac8743dad53182f2b4cac2c86790e1d866fb4b686

    • Blocks application from running via registry modification
      Adds application to list of disallowed applications.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks