General

  • Target

    6fsjd89gdsug.exe

  • Size

    267KB

  • Sample

    210428-6mtb6l416s

  • MD5

    77be0dd6570301acac3634801676b5d7

  • SHA1

    7394632d8cfc00c35570d219e49de63076294b6b

  • SHA256

    94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1

  • SHA512

    4ca6db741c01f32f168c0d496494f8f46402885922074c010cd3085f8271bd374f5a3b07ec0717eb6fa9fe11f9c74de6d22a75690359381d08ecb6853150d07c

Malware Config

Extracted

Family

fickerstealer

C2

sweyblidian.com:80

Targets

    • Target

      6fsjd89gdsug.exe

    • Reads local data of messenger clients

      Infostealers often target the stored data of messaging applications, which can include saved credentials, session tokens and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
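
An added triage helper (not part of the sandbox output above) that turns the extracted IOCs into checks a responder can run offline: it validates that the listed digests are well-formed, matches an arbitrary file against them on any of the four algorithms, and searches proxy log lines for contact with the extracted C2. The proxy log format and its lines are constructed for the example; the hashes and the C2 host:port are copied from this report.

```python
"""Offline IOC triage for the sample in this report (added example, not sandbox output)."""
import hashlib
import re
from typing import Dict, List, Set

# IOCs copied from the report above.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "77be0dd6570301acac3634801676b5d7",
    "sha1": "7394632d8cfc00c35570d219e49de63076294b6b",
    "sha256": "94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1",
    "sha512": "4ca6db741c01f32f168c0d496494f8f46402885922074c010cd3085f8271bd37"
              "4f5a3b07ec0717eb6fa9fe11f9c74de6d22a75690359381d08ecb6853150d07c",
}
C2_HOST = "sweyblidian.com"
C2_PORT = 80

# Hex-digest lengths per algorithm; a truncated or mis-pasted IOC fails this check.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(hashes: Dict[str, str] = SAMPLE_HASHES) -> bool:
    """True if every listed hash is lowercase hex of the right length for its algorithm."""
    return all(
        alg in DIGEST_LEN
        and len(h) == DIGEST_LEN[alg]
        and re.fullmatch(r"[0-9a-f]+", h) is not None
        for alg, h in hashes.items()
    )


def digests(data: bytes) -> Dict[str, str]:
    """Compute all four digests the report lists so a file can be matched on any of them."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_LEN}


def match_iocs(data: bytes, hashes: Dict[str, str] = SAMPLE_HASHES) -> Set[str]:
    """Return the algorithms whose digest of `data` equals the reported IOC (empty if none)."""
    computed = digests(data)
    return {alg for alg, h in hashes.items() if computed.get(alg) == h.lower()}


# Constructed proxy log (assumed format: "<ts> <client> <method> <host>:<port> <status>").
PROXY_LOG = """\
2021-04-28T10:01:03Z 10.0.0.15 GET www.example.com:443 200
2021-04-28T10:02:11Z 10.0.0.15 POST sweyblidian.com:80 200
2021-04-28T10:02:12Z 10.0.0.15 GET ip.example.net:443 200
2021-04-28T10:03:40Z 10.0.0.22 GET SWEYBLIDIAN.COM:80 200
2021-04-28T10:04:01Z 10.0.0.22 GET notsweyblidian.com:80 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+):(\d+) (\d+)$")


def find_c2_hits(log: str, host: str = C2_HOST, port: int = C2_PORT) -> List[str]:
    """Client IPs that contacted host:port; exact, case-insensitive host match, no substrings."""
    hits: List[str] = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, dst_host, dst_port, _status = m.groups()
        if dst_host.lower() == host.lower() and int(dst_port) == port:
            hits.append(client)
    return hits


if __name__ == "__main__":
    print("IOC list well-formed:", validate_iocs())
    print("Clients that contacted the C2:", find_c2_hits(PROXY_LOG))
```

The host comparison is an exact match after lowercasing rather than a substring search, so a look-alike such as notsweyblidian.com in the constructed log is not reported; port 80 is taken from the extracted config, so a hit on another port to the same host would need a separate rule.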

MITRE ATT&CK Enterprise v6