General
Target: mixsix_20210918-131447
Size: 477KB
Sample: 210926-nxy4taefgn
MD5: 472ed25678c1ae1202cca22e657889c9
SHA1: 415fa3aa2c83235eac03fa5e491c51b00d7dc9c4
SHA256: a9643cf216f0f73c5a458aeb85747770030c00c5217218a4006dfdea07c685d0
SHA512: c29d6a8ca15e057fc522748fab5243f32a3e9d23e4ea98b4f8a68b6fa0c3e1afd304c5d55f6f8a994a012da4034c25072322f5ab3aa169764016938d33ce75c1
Static task: static1
Behavioral task: behavioral1
  Sample: mixsix_20210918-131447.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: mixsix_20210918-131447.exe
  Resource: win10-en-20210920
Malware Config
Extracted
Family: fickerstealer
C2: game2030.site:80
Targets
Target: mixsix_20210918-131447
suricata: ET MALWARE Win32/Ficker Stealer Activity M3
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: setting another thread's context is a common step in process hollowing and other code-injection techniques.
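The Malware Config and signature sections above give a defender the indicators to hunt for: the C2 host and port, Uninstall-key enumeration, an external IP lookup, and execution of a dropped executable. The following Python is an added example, not part of the Triage report or of the Ficker Stealer sample, that correlates those behaviours per process over constructed Sysmon-style JSON events. The event schema (EventID 1/3/12/13/22 with Sysmon field names), the list of IP-lookup services and the drop-directory heuristic are assumptions: the report names only "a legitimate IP lookup service" and does not say which one this sample contacted. The SetThreadContext signature is a sandbox API-hook finding with no direct Sysmon equivalent, so it is left out.

```python
import json
from collections import defaultdict

# Extracted C2 from the report's "Malware Config" section (taken from the page).
C2_HOST = "game2030.site"
C2_PORT = 80

# Assumption: the report says only "a legitimate IP lookup service" and does not
# name it, so this list of well-known services is illustrative.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Registry key whose enumeration the "Checks installed software" signature describes.
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall"

# Assumption: directories where a dropped payload typically lands (heuristic).
DROP_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\")

# Constructed Sysmon-style events (JSON lines), not real telemetry. Process 4242
# plays the sample; process 1337 is a benign inventory agent that only reads the
# Uninstall key, to show that one behaviour alone is not flagged.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessId": 4242, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\mixsix_20210918-131447.exe"}
{"EventID": 13, "ProcessId": 4242, "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"EventID": 22, "ProcessId": 4242, "QueryName": "api.ipify.org"}
{"EventID": 3, "ProcessId": 4242, "DestinationHostname": "game2030.site", "DestinationPort": 80}
{"EventID": 1, "ProcessId": 1337, "Image": "C:\\Program Files\\Inventory\\agent.exe"}
{"EventID": 13, "ProcessId": 1337, "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++"}
{"EventID": 3, "ProcessId": 1337, "DestinationHostname": "inventory.example.internal", "DestinationPort": 443}
"""


def classify(event):
    """Map one Sysmon-style event to one of the report's behaviours, or None."""
    eid = event.get("EventID")
    if eid in (12, 13):  # registry key / value access
        if UNINSTALL_KEY in event.get("TargetObject", "").lower():
            return "installed_software_enum"
    elif eid == 22:  # DNS query
        q = event.get("QueryName", "").lower()
        if q == C2_HOST:
            return "c2_dns"
        if q in IP_LOOKUP_HOSTS:
            return "external_ip_lookup"
    elif eid == 3:  # network connection
        host = event.get("DestinationHostname", "").lower()
        if host == C2_HOST and int(event.get("DestinationPort", 0)) == C2_PORT:
            return "c2_connect"
        if host in IP_LOOKUP_HOSTS:
            return "external_ip_lookup"
    elif eid == 1:  # process creation
        image = event.get("Image", "").lower()
        if any(d in image for d in DROP_DIRS):
            return "dropped_exe_exec"
    return None


def correlate(lines):
    """Group behaviours by ProcessId; return {pid: (verdict, sorted behaviours)}.

    A match on the extracted C2 is a hard indicator on its own. Without it, two
    or more distinct behaviours from the report are required, so a legitimate
    agent that merely enumerates the Uninstall key is not flagged.
    """
    hits = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        label = classify(event)
        if label:
            hits[event["ProcessId"]].add(label)

    verdicts = {}
    for pid, labels in hits.items():
        if {"c2_dns", "c2_connect"} & labels:
            verdict = "fickerstealer_c2"
        elif len(labels) >= 2:
            verdict = "stealer_behaviour_cluster"
        else:
            verdict = None
        verdicts[pid] = (verdict, sorted(labels))
    return verdicts


if __name__ == "__main__":
    for pid, (verdict, labels) in correlate(SAMPLE_EVENTS.splitlines()).items():
        print(f"pid {pid}: {verdict or 'clean'} {labels}")
```

The C2 indicator decides the verdict by itself because it comes straight from the extracted configuration; the behaviour-only path is deliberately weaker and needs at least two of the report's signatures before it raises anything, which is what keeps the constructed inventory agent (process 1337) out of the results.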