General
- Target: 92755556073.exe
- Size: 429KB
- Sample: 210426-ld246brqan
- MD5: c02f6728636e8bda3071547bc2f4d08a
- SHA1: eca88ec3f564d2395cb2c106ea336b38b8c422d3
- SHA256: 98030b5507883b07bed61259cab866044297bc9bb1ea36b7d435f9a26ece5db0
- SHA512: 17f964303a3de5cfbebaa16620dafac5bc3cc375e97a2ad9e4f8c9aff17ae02518a1b28484dec1fcc17c074b2b02921bcbc16e847faffc29daa777aff7539e04

Static task
- static1

Behavioral task
- behavioral1
  Sample: 92755556073.exe
  Resource: win7v20210408

Behavioral task
- behavioral2
  Sample: 92755556073.exe
  Resource: win10v20210410

Malware Config
- Extracted: fickerstealer
- gurums.best:80
Targets
- Target: 92755556073.exe
- Size: 429KB
- MD5, SHA1, SHA256, SHA512: as listed under General
- Score: 10/10
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext