General
-
Target
mixsix_20210917-201308
-
Size
458KB
-
Sample
210926-nxn9lseffq
-
MD5
5c427037c6116072fa82dddbd2a8c41a
-
SHA1
059a08443830b6039b3f2cc5f149b6aa83666604
-
SHA256
76827b444c71850443cef84a7d7faec60d46bb567e73c07605978dc9fbe53bff
-
SHA512
30af84490c00cd955d752f52265af24b6fa9d25bed919313d42104519621247a3ebc2db88a3888516dfca82e41e06d4fd7c22fa15e619647f6d38b7aba2da884
Malware Config
Extracted
fickerstealer
game2030.site:80
Targets
-
-
Target
mixsix_20210917-201308
-
Size
458KB
-
MD5
5c427037c6116072fa82dddbd2a8c41a
-
SHA1
059a08443830b6039b3f2cc5f149b6aa83666604
-
SHA256
76827b444c71850443cef84a7d7faec60d46bb567e73c07605978dc9fbe53bff
-
SHA512
30af84490c00cd955d752f52265af24b6fa9d25bed919313d42104519621247a3ebc2db88a3888516dfca82e41e06d4fd7c22fa15e619647f6d38b7aba2da884
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
suricata: ET MALWARE Win32/Ficker Stealer Activity M3
suricata: ET MALWARE Win32/Ficker Stealer Activity M3
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-