General

  • Target

    DE11.tmp.exe

  • Size

    326KB

  • Sample

    210428-vgxznn6sgx

  • MD5

    3f80505adbe9e3ca9ac771bb5c5534b4

  • SHA1

    ace9127f27fa7e7ec8b9e0b00d536421fe11a0ca

  • SHA256

    16dbc40aa9959aef811409bad004175ef135f91f5f57f039444425a44d13e45b

  • SHA512

    1ea7ea14d26aaefa5345f0165ea154089e7d7617d68923e2713244099f2116d341cb54352f1b6b5ef5e0b2d8c244412113e111954eca707bdb01b16361197217

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    sodaandcoke.top:80

Targets

    • fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
