General
Target: mixsix_20210920-090839
Size: 483KB
Sample: 210926-nymgeaefhn
MD5: 85aa0c610e4de7fd1b69b38f2fb64008
SHA1: 20688e582122f136b9ae2955c288c48e97d86d0a
SHA256: 4f182217787173c1f217915bdf6df5f228b824b1af950fcae5462ae5d915f798
SHA512: b51fba54c686fcc71c2d46cfebb3f562dbbbc0e35fd30f7351a86a714db81d6df77eb3aae97509e24a8496b4d5c402cdd253aa1c699c78be1ad0e626f2f5ab5d
Static task: static1
Behavioral task: behavioral1
  Sample: mixsix_20210920-090839.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: mixsix_20210920-090839.exe
  Resource: win10-en-20210920
Malware Config
Extracted family: fickerstealer
C2: game2030.site:80
Targets
Target: mixsix_20210920-090839
Size: 483KB
MD5: 85aa0c610e4de7fd1b69b38f2fb64008
SHA1: 20688e582122f136b9ae2955c288c48e97d86d0a
SHA256: 4f182217787173c1f217915bdf6df5f228b824b1af950fcae5462ae5d915f798
SHA512: b51fba54c686fcc71c2d46cfebb3f562dbbbc0e35fd30f7351a86a714db81d6df77eb3aae97509e24a8496b4d5c402cdd253aa1c699c78be1ad0e626f2f5ab5d
-
Suricata: ET MALWARE Win32/Ficker Stealer Activity M3
Signatures
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM/HKCU ...\CurrentVersion\Uninstall) to enumerate software installed on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP. Note that the request to the lookup service is benign on its own; it is the combination with the other behaviours above that is suspicious.
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process is the usual way an injected or hollowed process is redirected to attacker-controlled code, so this call is a strong indicator on its own.
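The signature list above is what a sandbox derives from raw API, registry, file and network events. As an added example (not the sandbox's own code, and not taken from this run), the following Python maps a stream of constructed sandbox events onto the same signature names. The event record layout, the field names, the IP-lookup host list and the sample paths are all assumptions; only the C2 address game2030.site:80 and the signature names come from the report.

```python
import re

# Constructed sample events for illustration; they are NOT from the real run.
# The record layout (type/pid/path/host/...) is an assumed sandbox format.
SAMPLE_EVENTS = [
    {"pid": 1204, "type": "file_write",
     "path": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"pid": 1204, "type": "process_create", "child_pid": 1388,
     "image": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"pid": 1388, "type": "file_write",
     "path": r"C:\Users\user\AppData\Local\Temp\sqlite3.dll"},
    {"pid": 1388, "type": "api", "name": "LoadLibraryW",
     "arg": r"C:\Users\user\AppData\Local\Temp\sqlite3.dll"},
    {"pid": 1388, "type": "registry", "op": "RegOpenKeyExW",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"pid": 1388, "type": "file_read",
     "path": r"C:\Users\user\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 1388, "type": "network", "host": "api.ipify.org", "port": 80},
    {"pid": 1388, "type": "network", "host": "game2030.site", "port": 80},
    {"pid": 1388, "type": "api", "name": "SetThreadContext", "target_pid": 2040},
    # benign traffic that must not trigger anything
    {"pid": 1388, "type": "network", "host": "www.microsoft.com", "port": 443},
]

# Registry key used for software enumeration (the "Checks installed software" signature).
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Assumption: a few well-known IP echo services; the report does not say which one was used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "checkip.dyndns.org"}
# Assumption: path fragments typical of wallet storage.
WALLET_HINTS = ("wallet.dat", "\\electrum\\", "\\exodus\\", "\\ethereum\\keystore")
# From the extracted config in the report.
C2 = ("game2030.site", 80)


def triage(events):
    """Return the set of signature names the event stream satisfies."""
    hits = set()
    dropped = set()  # paths written by a monitored process (lower-cased)
    for e in events:
        t = e["type"]
        if t == "file_write":
            dropped.add(e["path"].lower())
        elif t == "process_create":
            if e["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif t == "api":
            if e["name"].startswith("LoadLibrary") and e["arg"].lower() in dropped:
                hits.add("Loads dropped DLL")
            # Setting the context of a thread in another process is the injection tell.
            elif e["name"] == "SetThreadContext" and e.get("target_pid", e["pid"]) != e["pid"]:
                hits.add("Suspicious use of SetThreadContext")
        elif t == "registry" and UNINSTALL_KEY.search(e["path"]):
            hits.add("Checks installed software on the system")
        elif t == "file_read" and any(h in e["path"].lower() for h in WALLET_HINTS):
            hits.add("Accesses cryptocurrency files/wallets")
        elif t == "network":
            host = e["host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if (host, e["port"]) == C2:
                hits.add("Contacts extracted C2 game2030.site:80")
    return hits


if __name__ == "__main__":
    for sig in sorted(triage(SAMPLE_EVENTS)):
        print(sig)
```

The dropped-file tracking is what separates "Executes dropped EXE" from an ordinary process launch: the image path has to have been written earlier in the same trace. The IP lookup and Uninstall-key checks fire on behaviour that is individually benign, which is why a real sandbox scores them low and only the combination with the C2 contact and SetThreadContext makes the verdict.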