fickerstealer | ce67cfc6138290ac9252744f77b9f2d09e3a60fcdf5b64224e0b245b751d01cf | Triage

Submit
Reports

Overview

overview

Static

static

mixsix_202...17.exe

windows7_x64

mixsix_202...17.exe

windows10_x64

Sharing

General

Target

mixsix_20210919-183217
Size

482KB
Sample

210926-nyfc4aege2
MD5

725fc46e4245c76f1365aaa7959b67d4
SHA1

cd25c8681fef3f57fb10564767a04194f4797a1f
SHA256

ce67cfc6138290ac9252744f77b9f2d09e3a60fcdf5b64224e0b245b751d01cf
SHA512

fbcd64b507cc63f4141db3ca3675359170fcac765c782b43a13b31affcd25b7bce2647403dffa0e8e5323624c911a21faf1097cb3df15ee56d72657e1660cfdc

Score

10^/10

fickerstealer discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

mixsix_20210919-183217.exe

Resource

win7-en-20210920

fickerstealer infostealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

mixsix_20210919-183217.exe

Resource

win10v20210408

fickerstealer discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

fickerstealer

C2

game2030.site:80

Targets

- Target
  
  mixsix_20210919-183217
- Size
  
  482KB
- MD5
  
  725fc46e4245c76f1365aaa7959b67d4
- SHA1
  
  cd25c8681fef3f57fb10564767a04194f4797a1f
- SHA256
  
  ce67cfc6138290ac9252744f77b9f2d09e3a60fcdf5b64224e0b245b751d01cf
- SHA512
  
  fbcd64b507cc63f4141db3ca3675359170fcac765c782b43a13b31affcd25b7bce2647403dffa0e8e5323624c911a21faf1097cb3df15ee56d72657e1660cfdc
Score

10^/10

fickerstealer infostealer discovery spyware stealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Executes dropped EXE
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy