General
Target: 1957bacb_by_Libranalysis
Size: 493KB
Sample: 210425-jhmt67dhzn
MD5: 1957bacb18265b82190edd667f8dc6ad
SHA1: f623b03d95728cee0908de1cfefe9b39005c1a6b
SHA256: a0d642de3cf9fc87200f8fd6cd9f600fd4a96ef7fc5c0c8cef94790ca8b489fb
SHA512: 810b4a01dfa1b8e0c620bf223d0c433f64a6153d1068acc0d75073761de5b83e93099f4d8f8d29f5b84fc71ac8743dad53182f2b4cac2c86790e1d866fb4b686
Static task: static1
Behavioral task: behavioral1
Sample: 1957bacb_by_Libranalysis.exe
Resource: win7v20210408
Malware Config
Extracted
fickerstealer
45.93.201.181:80
Targets
Target: 1957bacb_by_Libranalysis
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-