General

  • Target: 8c6b2adbcdd8b7f0a0419fd08e5cbd0f7bc52cc702da4.exe
  • Size: 343KB
  • Sample: 210426-yay1lwjfhe
  • MD5: aeec925d0e7193678d21f033f157dfb4
  • SHA1: fd581e6e7296a78eb1a44b23b4dd99eb9e853229
  • SHA256: 8c6b2adbcdd8b7f0a0419fd08e5cbd0f7bc52cc702da40c20df878cf499637ff
  • SHA512: 33483b6889bf7bd524e73e05733a5d22de8c0f1014246368d166f0189ef407c2a2ab7e8a8e7bc2ea16575611be23aa462264d03c2639866764ac4629018e45dc

Malware Config

Extracted

  • Family: fickerstealer
  • C2: sodaandcoke.top:80

Targets

    • Target: 8c6b2adbcdd8b7f0a0419fd08e5cbd0f7bc52cc702da4.exe

    • fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks