General

Target: ac8e3612_by_Libranalysis
Size: 425KB
Sample: 210428-ej7c7agcv2
MD5: ac8e361233e01d5f611558f70985fa28
SHA1: 638bb04aea700f374a3d9a1dddcf3180dbb5762f
SHA256: b87058debe148793a01173971935cb36fe7d56e2400282629f810cbb1ef14ef7
SHA512: 35064c1be92b9ebd8cf7684b78a2624d5035d8e9225e0b7b3b4c3b459d26e041931d977d1440b30fddd8d7b9aacef4ee20c0affa4f33281f245aba54baad95d9
Static task: static1

Behavioral task: behavioral1
Sample: ac8e3612_by_Libranalysis.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: ac8e3612_by_Libranalysis.exe
Resource: win10v20210410
Malware Config

Extracted:
- fickerstealer
- gurums.space:80
Targets

Target: ac8e3612_by_Libranalysis
Score: 10/10
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext