General
Target: mixsix_20210917-201308
Size: 458KB
Sample: 210926-nxn9lseffq
MD5: 5c427037c6116072fa82dddbd2a8c41a
SHA1: 059a08443830b6039b3f2cc5f149b6aa83666604
SHA256: 76827b444c71850443cef84a7d7faec60d46bb567e73c07605978dc9fbe53bff
SHA512: 30af84490c00cd955d752f52265af24b6fa9d25bed919313d42104519621247a3ebc2db88a3888516dfca82e41e06d4fd7c22fa15e619647f6d38b7aba2da884
Static task: static1
Behavioral task: behavioral1 (sample mixsix_20210917-201308.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample mixsix_20210917-201308.exe, resource win10-en-20210920)
Malware Config
Extracted family: fickerstealer
C2 server: game2030.site:80 (plain HTTP; the host and port are the actionable network IOC from this report)
Targets
Target: mixsix_20210917-201308 (458KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Signatures:
- suricata: ET MALWARE Win32/Ficker Stealer Activity M3 (network traffic matched the Emerging Threats Ficker Stealer rule)
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP, so this traffic alone is not a C2 indicator; it is only notable in combination with the other behaviour.
- Suspicious use of SetThreadContext: this API is commonly used in process hollowing and thread-hijacking injection, so the dropped EXE should be treated as a possible injection host rather than the payload itself.
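The following hunt helper is an added example, not part of the Triage report and not tooling from the sandbox. It takes the IOCs this report publishes (the four file hashes and the extracted C2 host game2030.site:80) and applies two checks a responder would want: (1) hash a local file and compare it with the report's digests, and (2) scan proxy/firewall-style log lines for the C2 host and for the external-IP lookup behaviour flagged above, ranking hosts that show both. The log format, the sample log lines and the list of IP lookup services are constructed assumptions; the report does not name the lookup service the sample used.

```python
"""Hunt helper built from the IOCs in the report above (added example).

Everything below the IOC constants is an assumption for illustration: the
log line format, the sample lines and the IP-lookup service list.
"""
import hashlib
import re

# IOCs copied from the report.
IOC_HASHES = {
    "md5": "5c427037c6116072fa82dddbd2a8c41a",
    "sha1": "059a08443830b6039b3f2cc5f149b6aa83666604",
    "sha256": "76827b444c71850443cef84a7d7faec60d46bb567e73c07605978dc9fbe53bff",
    "sha512": "30af84490c00cd955d752f52265af24b6fa9d25bed919313d42104519621247a"
              "3ebc2db88a3888516dfca82e41e06d4fd7c22fa15e619647f6d38b7aba2da884",
}
C2_HOSTS = {"game2030.site"}  # extracted fickerstealer config
C2_PORT = 80

# Assumption: common public "what is my IP" services. The report only says a
# legitimate lookup service was contacted, not which one.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me"}


def hash_bytes(data):
    """Return md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path, chunk=1 << 20):
    """Stream a file through all four hashers so large samples do not load whole."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        while True:
            buf = fh.read(chunk)
            if not buf:
                break
            for h in hashers.values():
                h.update(buf)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests):
    """True only if every algorithm present in both dicts agrees with the report."""
    common = set(digests) & set(IOC_HASHES)
    return bool(common) and all(digests[a].lower() == IOC_HASHES[a] for a in common)


# Assumed log format: "<timestamp> <src-ip> <host>:<port> <action>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<host>[\w.-]+):(?P<port>\d+)\s+(?P<action>\S+)"
)


def classify_line(line):
    """Return ('c2'|'ip_lookup', src_ip, host) for lines of interest, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    host, port = m["host"].lower(), int(m["port"])
    if host in C2_HOSTS and port == C2_PORT:
        return ("c2", m["src"], host)
    if host in IP_LOOKUP_HOSTS:
        return ("ip_lookup", m["src"], host)
    return None


def hunt(lines):
    """Group hits by source IP: {src: {'c2': {hosts}, 'ip_lookup': {hosts}}}."""
    hits = {}
    for line in lines:
        c = classify_line(line)
        if c:
            kind, src, host = c
            hits.setdefault(src, {}).setdefault(kind, set()).add(host)
    return hits


def triage(hits):
    """Sources that reached the C2 are confirmed; an IP lookup alone is benign."""
    return sorted(src for src, kinds in hits.items() if "c2" in kinds)


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2021-09-26T10:00:01Z 10.0.0.15 api.ipify.org:443 ALLOW",
    "2021-09-26T10:00:03Z 10.0.0.15 game2030.site:80 ALLOW",
    "2021-09-26T10:00:05Z 10.0.0.22 ipinfo.io:443 ALLOW",
    "2021-09-26T10:00:09Z 10.0.0.31 example.com:443 ALLOW",
    "not a log line",
]

if __name__ == "__main__":
    results = hunt(SAMPLE_LOG)
    for src, kinds in sorted(results.items()):
        print(src, {k: sorted(v) for k, v in kinds.items()})
    print("confirmed C2 contact:", triage(results))
```

The ranking deliberately treats an IP-lookup hit on its own as noise, mirroring the report's own wording that the service is legitimate; only the C2 contact is decisive, and a host that shows both is the one to image first. Swap `SAMPLE_LOG` for real proxy lines and `hash_file` for the quarantined binary to use it in anger.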