General

  • Target

    A35D2504DBA401C8E94437C954BE3DDD.exe

  • Size

    376KB

  • Sample

    210426-n2d9hzqkze

  • MD5

    a35d2504dba401c8e94437c954be3ddd

  • SHA1

    4471c9d722c885713b5ff9e7c8fb6a6e5445f335

  • SHA256

    401496db5cb4df2d72b8586fee87a4ff4b1745e8658e58a8fab87d4e7f346666

  • SHA512

    4de1c8717d49292bd8c3d22627ad15d55c0c37784beb2d32d8c03db4c57c8e4db3e8206937abb0aa98b5055c5b7b8a723c5c15b2ca3e66b51eaae9ac2029dfda

Malware Config

Extracted

Family

fickerstealer

C2

sodaandcoke.top:80

Targets

    • Target

      A35D2504DBA401C8E94437C954BE3DDD.exe

    • Size

      376KB

    • MD5

      a35d2504dba401c8e94437c954be3ddd

    • SHA1

      4471c9d722c885713b5ff9e7c8fb6a6e5445f335

    • SHA256

      401496db5cb4df2d72b8586fee87a4ff4b1745e8658e58a8fab87d4e7f346666

    • SHA512

      4de1c8717d49292bd8c3d22627ad15d55c0c37784beb2d32d8c03db4c57c8e4db3e8206937abb0aa98b5055c5b7b8a723c5c15b2ca3e66b51eaae9ac2029dfda

    • fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks