General
Target: mixsix_20210920-133718
Size: 483KB
Sample: 210926-nysnesefhq
MD5: ef0942fb312f3596fedf182a353dacff
SHA1: 48caf6075a8a793f6eaf03566e38c3bedfb2c09b
SHA256: 1012a23e502d8719a4f360b1b98afb546fa527237141f9344671fe8ad14c4b8b
SHA512: 6b9dc50c423510c96297cb9b208939e8add73e128ad0afba4d5dc8976d96b1067829b16b6a0cfe4113405fc2023dc86f6ada91fdd7e10f4ee8c967f37c4dbbf3
Static task: static1
Behavioral task: behavioral1
  Sample: mixsix_20210920-133718.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: mixsix_20210920-133718.exe
  Resource: win10-en-20210920
Malware Config
Extracted
  fickerstealer
  game2030.site:80
Targets
- suricata: ET MALWARE Win32/Ficker Stealer Activity M3
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext