Overview

overview

10

Static

static

mixsix_202...17.exe

windows7_x64

10

mixsix_202...17.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    26-09-2021 11:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mixsix_20210919-183217.exe

  • Size

    482KB

  • MD5

    725fc46e4245c76f1365aaa7959b67d4

  • SHA1

    cd25c8681fef3f57fb10564767a04194f4797a1f

  • SHA256

    ce67cfc6138290ac9252744f77b9f2d09e3a60fcdf5b64224e0b245b751d01cf

  • SHA512

    fbcd64b507cc63f4141db3ca3675359170fcac765c782b43a13b31affcd25b7bce2647403dffa0e8e5323624c911a21faf1097cb3df15ee56d72657e1660cfdc

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

game2030.site:80

Signatures

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-183217.exe
    "C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-183217.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1296
    • C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-183217.exe
      "C:\Users\Admin\AppData\Local\Temp\mixsix_20210919-183217.exe"
      2⤵
        PID:1656

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1296-57-0x0000000000470000-0x00000000004B7000-memory.dmp
      Filesize

      284KB

      Download
    • memory/1656-55-0x0000000000401480-mapping.dmp
      Download
    • memory/1656-54-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download
    • memory/1656-56-0x0000000075331000-0x0000000075333000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1656-58-0x0000000000400000-0x000000000044F000-memory.dmp
      Filesize

      316KB

      Download