General
Target: ee3a40146c9b15957fc0c9926d9dad17a8f5eff1a6eaca29819460211c2261ba-20210428-115512
Size: 328KB
Sample: 210428-81zaywfmbe
MD5: 3f9dff2566d84798db2ad5e75165db81
SHA1: d1826145e5a5fc8ccf7fd7b4761d6ee4ec855aaf
SHA256: ee3a40146c9b15957fc0c9926d9dad17a8f5eff1a6eaca29819460211c2261ba
SHA512: a59aae06df75e413e8e3be0edef28983cbe81cef3ea659fb04c837a2a0ec90e0374d0aeb03d4952154ff056f2f62d53722fb040753d0a380101e2603efaff810
Static task: static1
Behavioral task: behavioral1
Sample: ee3a40146c9b15957fc0c9926d9dad17a8f5eff1a6eaca29819460211c2261ba-20210428-115512.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: ee3a40146c9b15957fc0c9926d9dad17a8f5eff1a6eaca29819460211c2261ba-20210428-115512.exe
Resource: win10v20210410
Malware Config
Extracted: fickerstealer, gurums.space:80
Targets
Score: 10/10
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext