General
Target: 309b8d030730272ff323308ced7aa981.exe
Size: 1.3MB
Sample: 210715-28ecn1br6a
MD5: 309b8d030730272ff323308ced7aa981
SHA1: cce5cefc9f170817ddfa07a5cfed6e7783ddee61
SHA256: 5d41854e87402a2672aef843e6820b21310f5737feb5e83c656bedcb5dc9a26a
SHA512: 64c0477c1ad451564dc5becfff1709abd770ea06f85cdb57145bc46ca75abad1d3e0763e9ceaeaa8f47c470f0681f6036078c0b2035ce674841f90a9314526de
Static task: static1
Behavioral task: behavioral1
  Sample: 309b8d030730272ff323308ced7aa981.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 309b8d030730272ff323308ced7aa981.exe
  Resource: win10v20210410
Malware Config
Extracted
Family: fickerstealer
C2: 195.133.40.204:80
Targets
Target: 309b8d030730272ff323308ced7aa981.exe (same file as under General)
Score: 10/10
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: the API rewrites a thread's register state, including its instruction pointer, and is a common step in process hollowing and other thread-hijacking injection; the report records the call itself, not a confirmed injection target.
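As an added example, not part of the sandbox report: a small Python matcher that runs constructed Sysmon-style events against the indicators (SHA256, C2 host:port) and behaviours (Uninstall-key enumeration, IP-echo lookup, SetThreadContext against another process) listed above, so the report's findings can be turned into a hunt over endpoint telemetry. The event shape, the registry path, the IP-echo hostnames and the two-signature threshold are assumptions of the example; only the hash and the C2 address come from the report.

```python
"""Match constructed endpoint telemetry against the indicators and behavioural
signatures from the sandbox report above (added example, not report content)."""

# Indicators taken from the report.
IOC_SHA256 = "5d41854e87402a2672aef843e6820b21310f5737feb5e83c656bedcb5dc9a26a"
IOC_C2 = ("195.133.40.204", 80)

# Behavioural indicators. The Uninstall key path is the standard Windows location
# for installed-software entries; the IP-echo hosts are an example list of common
# public services. Neither is taken from the report (assumption of this example).
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ipinfo.io"}

# Constructed sample events in a minimal Sysmon-like shape (example data only).
EVENTS = [
    {"type": "process", "pid": 4120,
     "image": r"C:\Users\x\309b8d030730272ff323308ced7aa981.exe", "sha256": IOC_SHA256},
    {"type": "registry", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
    {"type": "dns", "pid": 4120, "query": "api.ipify.org"},
    {"type": "network", "pid": 4120, "dst_ip": "195.133.40.204", "dst_port": 80},
    {"type": "api", "pid": 4120, "api": "SetThreadContext", "target_pid": 5008},
    {"type": "network", "pid": 777, "dst_ip": "93.184.216.34", "dst_port": 443},
]


def match_event(ev):
    """Return the name of the report signature this event matches, or None."""
    t = ev.get("type")
    if t == "process":
        if ev.get("sha256", "").lower() == IOC_SHA256:
            return "known_sample_hash"
    elif t == "network":
        if (ev.get("dst_ip"), ev.get("dst_port")) == IOC_C2:
            return "fickerstealer_c2"
    elif t == "registry":
        # Normalise case and fold the 32-bit redirected hive into the native path.
        key = ev.get("key", "").lower().replace("wow6432node\\", "")
        if UNINSTALL_KEY in key:
            return "enumerates_installed_software"
    elif t == "dns":
        if ev.get("query", "").lower() in IP_LOOKUP_HOSTS:
            return "external_ip_lookup"
    elif t == "api":
        # SetThreadContext on a thread owned by another process is the
        # injection-style use the report flags as suspicious.
        if ev.get("api") == "SetThreadContext" and ev.get("target_pid") not in (None, ev.get("pid")):
            return "setthreadcontext_remote_thread"
    return None


def match_events(events):
    """Group matched signatures by pid: {pid: set(signature names)}."""
    hits = {}
    for ev in events:
        name = match_event(ev)
        if name:
            hits.setdefault(ev["pid"], set()).add(name)
    return hits


def triage_verdict(hits, threshold=2):
    """Report a process on a definite IOC hit (hash or C2) or on at least
    `threshold` behavioural signatures; the threshold is an illustrative choice."""
    definite = {"known_sample_hash", "fickerstealer_c2"}
    return {pid: sorted(sigs) for pid, sigs in hits.items()
            if sigs & definite or len(sigs) >= threshold}


if __name__ == "__main__":
    for pid, sigs in triage_verdict(match_events(EVENTS)).items():
        print(pid, sigs)
```

The behavioural checks are noisy on their own (installers read the Uninstall key, plenty of tools query an IP-echo service), which is why the verdict requires either a definite IOC hit or a combination of behaviours per process rather than a single match.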