fickerstealer | 60ebc66ef9521f8ee3fcbe54939bb1f71bd6902ad85c57bfa32d4573f9454f0d | Triage

Submit
Reports

Overview

overview

Static

static

3029ed0d_b...is.exe

windows7_x64

3029ed0d_b...is.exe

windows10_x64

Sharing

General

Target

3029ed0d_by_Libranalysis
Size

390KB
Sample

210506-13w8zmvg5j
MD5

3029ed0d72a57ceb45b0a2d341db05db
SHA1

a35c2b814a9b8e7288123747a6ff75d028c28b59
SHA256

60ebc66ef9521f8ee3fcbe54939bb1f71bd6902ad85c57bfa32d4573f9454f0d
SHA512

fedaa2e6c8cf5f806df8bf4694c3915345db3dee839eaae430abe13b32d9eb1ccc15e9ba9913a133d32cfa6567f284034754e90f89363048fb76fa11aea5f369

Score

10^/10

fickerstealer discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3029ed0d_by_Libranalysis.exe

Resource

win7v20210410

fickerstealer discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3029ed0d_by_Libranalysis.exe

Resource

win10v20210408

fickerstealer discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

fickerstealer

C2

truzen.site:80

Targets

- Target
  
  3029ed0d_by_Libranalysis
- Size
  
  390KB
- MD5
  
  3029ed0d72a57ceb45b0a2d341db05db
- SHA1
  
  a35c2b814a9b8e7288123747a6ff75d028c28b59
- SHA256
  
  60ebc66ef9521f8ee3fcbe54939bb1f71bd6902ad85c57bfa32d4573f9454f0d
- SHA512
  
  fedaa2e6c8cf5f806df8bf4694c3915345db3dee839eaae430abe13b32d9eb1ccc15e9ba9913a133d32cfa6567f284034754e90f89363048fb76fa11aea5f369
Score

10^/10

fickerstealer discovery infostealer spyware stealer
- fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

fickerstealerdiscoveryinfostealerspywarestealer

behavioral2

fickerstealerdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy