General

  • Target

    92755556073.exe

  • Size

    429KB

  • Sample

    210426-ld246brqan

  • MD5

    c02f6728636e8bda3071547bc2f4d08a

  • SHA1

    eca88ec3f564d2395cb2c106ea336b38b8c422d3

  • SHA256

    98030b5507883b07bed61259cab866044297bc9bb1ea36b7d435f9a26ece5db0

  • SHA512

    17f964303a3de5cfbebaa16620dafac5bc3cc375e97a2ad9e4f8c9aff17ae02518a1b28484dec1fcc17c074b2b02921bcbc16e847faffc29daa777aff7539e04

Malware Config

Extracted

Family

fickerstealer

C2

gurums.best:80

Targets

    • fickerstealer

      Ficker is an infostealer written in Rust and assembly.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks