General
-
Target
3029ed0d_by_Libranalysis
-
Size
390KB
-
Sample
210506-kcpry7vnl2
-
MD5
3029ed0d72a57ceb45b0a2d341db05db
-
SHA1
a35c2b814a9b8e7288123747a6ff75d028c28b59
-
SHA256
60ebc66ef9521f8ee3fcbe54939bb1f71bd6902ad85c57bfa32d4573f9454f0d
-
SHA512
fedaa2e6c8cf5f806df8bf4694c3915345db3dee839eaae430abe13b32d9eb1ccc15e9ba9913a133d32cfa6567f284034754e90f89363048fb76fa11aea5f369
Static task
static1
Behavioral task
behavioral1
Sample
3029ed0d_by_Libranalysis.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
3029ed0d_by_Libranalysis.exe
Resource
win10v20210410
Malware Config
Extracted
fickerstealer
truzen.site:80
Targets
-
-
Target
3029ed0d_by_Libranalysis
-
Size
390KB
-
MD5
3029ed0d72a57ceb45b0a2d341db05db
-
SHA1
a35c2b814a9b8e7288123747a6ff75d028c28b59
-
SHA256
60ebc66ef9521f8ee3fcbe54939bb1f71bd6902ad85c57bfa32d4573f9454f0d
-
SHA512
fedaa2e6c8cf5f806df8bf4694c3915345db3dee839eaae430abe13b32d9eb1ccc15e9ba9913a133d32cfa6567f284034754e90f89363048fb76fa11aea5f369
Score10/10-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-