General
Target: mixsix_20210920-190055
Size: 508KB
Sample: 210926-nyy57segal
MD5: 3b1629676d7d0a03d84a524148beef08
SHA1: 593ceccf82a2944f1bf584666ecbca51a228cd46
SHA256: 07904c846bee3d574a33d59616cf18145f33b2e5ba666bd0f87f309cda5d2dfd
SHA512: f64df02c988369ba381b852e4cfb17527ca7fb5f066191bf937f29de70bfcd3fccf199728e79a1d43937aacddb23f2a07f5fcf39b5e9e9e3e635d9b39ecdb615
Static task: static1
Behavioral task: behavioral1
Sample: mixsix_20210920-190055.exe
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: mixsix_20210920-190055.exe
Resource: win10v20210408
Malware Config
Extracted: fickerstealer
C2: game2030.site:80
Targets
Target: mixsix_20210920-190055 (508KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
suricata: ET MALWARE Win32/Ficker Stealer Activity M3
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext