General

Target: mixsix_20210919-093205
Size: 477KB
Sample: 210926-nyb1nsegd9
MD5: 5a201b72a6586afe40b60948afab9d22
SHA1: 2cca256b60e74f7e002a6c2422598e5eb7ab4fbd
SHA256: 3700fd2107cc453097ff092f1d2be1678cba183034b950ffb74c38a2abc6b260
SHA512: 24446cede744c59a19c5ca4998a80f67c6e95cb4ffdee0e118136022f1252e770e158dcfbf9f1fce9d1735e1597d31ea7d28ef6b24ef2ef8589d8010aa007418

Static task: static1
Behavioral task: behavioral1 (sample mixsix_20210919-093205.exe, resource win7-en-20210920)
Behavioral task: behavioral2 (sample mixsix_20210919-093205.exe, resource win10v20210408)

Malware Config

Extracted family: fickerstealer
C2: game2030.site:80
Targets

Target: mixsix_20210919-093205 (477KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10

Signatures:
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext (a common marker of process hollowing, where a parent replaces the code of a suspended child and points its thread context at it)
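The indicators and behavioural signatures above are what an analyst would hunt for in endpoint telemetry. The script below is an added example and is not part of the sandbox report: it carries the report's hashes and extracted C2 (game2030.site:80) as IOCs and evaluates the listed behaviours (dropped-EXE execution, Uninstall-key enumeration, external IP lookup, and injection-capable process access as a proxy for SetThreadContext) over a small set of constructed, Sysmon-like event records. The event schema, the list of IP-lookup services, and the access-mask proxy are assumptions.

```python
"""Hunt for the report's IOCs and behaviours over endpoint telemetry.

Added example, not part of the sandbox report.  The events below are
constructed and loosely modelled on Sysmon-style fields; the field names,
the IP-lookup host list and the injection access-mask proxy are assumptions.
"""
import hashlib
import re

# Indicators copied from the report.
REPORT_SHA256 = "3700fd2107cc453097ff092f1d2be1678cba183034b950ffb74c38a2abc6b260"
IOC_HASHES = {
    "5a201b72a6586afe40b60948afab9d22",            # MD5
    "2cca256b60e74f7e002a6c2422598e5eb7ab4fbd",    # SHA1
    REPORT_SHA256,                                 # SHA256
}
C2_HOST, C2_PORT = "game2030.site", 80            # extracted fickerstealer C2

# Assumption: a maintained list of public "what is my IP" services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ip-api.com"}

# Uninstall key under HKLM or HKCU, native or WOW6432Node view.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE)

# SetThreadContext is not visible in process-level telemetry.  As a proxy
# (assumption) flag a process handle opened with rights that allow writing
# memory and manipulating threads in the target: PROCESS_CREATE_THREAD (0x2),
# PROCESS_VM_OPERATION (0x8) and PROCESS_VM_WRITE (0x20).
INJECTION_RIGHTS = 0x2 | 0x8 | 0x20

# Constructed telemetry: pid 4100 is the sample, pid 900 is benign noise.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4100, "sha256": REPORT_SHA256,
     "image": r"C:\Users\a\Downloads\mixsix_20210919-093205.exe"},
    {"type": "file_create", "pid": 4100, "path": r"C:\Users\a\AppData\Local\Temp\upd.exe"},
    {"type": "process_create", "pid": 4220, "ppid": 4100, "sha256": "ab" * 32,
     "image": r"C:\Users\a\AppData\Local\Temp\upd.exe"},
    {"type": "registry_query", "pid": 4100,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "dns_query", "pid": 4100, "query": "api.ipify.org"},
    {"type": "network_connect", "pid": 4100, "dest_host": "game2030.site", "dest_port": 80},
    {"type": "process_access", "pid": 4100, "target_pid": 4220, "granted_access": 0x1FFFFF},
    {"type": "file_create", "pid": 900, "path": r"C:\Windows\Temp\log.txt"},
    {"type": "registry_query", "pid": 900,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, for comparing a file on disk with the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report(data: bytes) -> bool:
    """True if any digest of the blob equals one of the report's hashes."""
    return any(h in IOC_HASHES for h in digests(data).values())


def hunt(events):
    """Evaluate the report's indicators over events in time order.
    Returns (rule, pid, evidence) tuples."""
    findings = []
    dropped = {}  # lower-cased path of an .exe written to disk -> pid that wrote it
    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "process_create":
            if ev.get("sha256", "").lower() in IOC_HASHES:
                findings.append(("known_sample_hash", pid, ev["image"]))
            image = ev["image"].lower()
            if image in dropped and dropped[image] != pid:
                # Attribute the finding to the process that wrote the file.
                findings.append(("executes_dropped_exe", dropped[image], ev["image"]))
        elif kind == "file_create":
            if ev["path"].lower().endswith(".exe"):
                dropped[ev["path"].lower()] = pid
        elif kind == "registry_query":
            if UNINSTALL_KEY.search(ev["key"]):
                findings.append(("enumerates_installed_software", pid, ev["key"]))
        elif kind in ("dns_query", "network_connect"):
            host = (ev.get("query") or ev.get("dest_host", "")).lower()
            if host in IP_LOOKUP_HOSTS:
                findings.append(("external_ip_lookup", pid, host))
            if kind == "network_connect" and host == C2_HOST and ev.get("dest_port") == C2_PORT:
                findings.append(("fickerstealer_c2", pid, f"{host}:{C2_PORT}"))
        elif kind == "process_access":
            if (ev["granted_access"] & INJECTION_RIGHTS) == INJECTION_RIGHTS:
                findings.append(("injection_capable_access", pid,
                                 f"target_pid={ev['target_pid']} access=0x{ev['granted_access']:x}"))
    return findings


def summarise(findings) -> dict:
    """pid -> sorted list of distinct rules it triggered."""
    by_pid = {}
    for rule, pid, _ in findings:
        by_pid.setdefault(pid, set()).add(rule)
    return {pid: sorted(rules) for pid, rules in by_pid.items()}


if __name__ == "__main__":
    for rule, pid, evidence in hunt(SAMPLE_EVENTS):
        print(f"{rule:30} pid={pid} {evidence}")
```

On the constructed events every rule fires for pid 4100 and nothing fires for pid 900. The dropped-EXE rule depends on seeing the file write before the process start, so the events must be fed in time order; the process-access proxy will also match legitimate debuggers and some security tools, so in practice pair it with the dropped-file relationship (parent opens a handle to a child it just wrote) before alerting.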