General

  • Target

    10A3DB9846445B8E1715802DA3FA6D91.exe

  • Size

    266KB

  • Sample

    210715-ydv4rtj4g6

  • MD5

    10a3db9846445b8e1715802da3fa6d91

  • SHA1

    924de616d5d427686ef1e1e08a8881a64af2f943

  • SHA256

    8937fb7545cb081d8d5086671e6cf9d41295e191cf1bfaf4dd70282c056c79d1

  • SHA512

    0ea770c80717eb7838c939da41010dd3c479e491caf53d801377cb22bc8ebc007c52cbe07ddbe3f0f389499dcfe946c84b502982de85ab71d4bcf616e184106b

Malware Config

Extracted

Family

fickerstealer

C2

fickotstuk.space:80

Targets

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks