Overview

overview

10

Static

static

mixsix_202...05.exe

windows7_x64

10

mixsix_202...05.exe

windows10_x64

10

Analysis

  • max time kernel
    142s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    26-09-2021 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mixsix_20210919-093205.exe

  • Size

    477KB

  • MD5

    5a201b72a6586afe40b60948afab9d22

  • SHA1

    2cca256b60e74f7e002a6c2422598e5eb7ab4fbd

  • SHA256

    3700fd2107cc453097ff092f1d2be1678cba183034b950ffb74c38a2abc6b260

  • SHA512

    24446cede744c59a19c5ca4998a80f67c6e95cb4ffdee0e118136022f1252e770e158dcfbf9f1fce9d1735e1597d31ea7d28ef6b24ef2ef8589d8010aa007418

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

game2030.site:80

Signatures

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-093205.exe
    "C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-093205.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-093205.exe
      "C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-093205.exe"
      2⤵
        PID:1708

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1108-56-0x0000000000220000-0x0000000000267000-memory.dmp
      Filesize

      284KB

      Download
    • memory/1708-54-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/1708-55-0x0000000000401480-mapping.dmp
      Download
    • memory/1708-57-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/1708-58-0x0000000075BF1000-0x0000000075BF3000-memory.dmp
      Filesize

      8KB

      Download