General
Target: mixsix_20210924-083109
Size: 523KB
Sample: 210926-nzm5bsegf6
MD5: 9b0e18017ea35c11d4e477028d8b862a
SHA1: 3ae7f49984dc702af623d39af51a071fba37fd6b
SHA256: 023e18099649da79f4edf0067b155f78effb978f2d4d9d9ff8d5cebcdd656cc1
SHA512: f94efa893f4cb55883a7a9fdb163fefaee5bf7fa8adcccd13ae6da4746564b73b5abc4994a089f0f3d14b0f44475ead7159b0dd42cbb69065429f1500e496763
Static task: static1
Behavioral task: behavioral1
  Sample: mixsix_20210924-083109.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: mixsix_20210924-083109.exe
  Resource: win10-en-20210920
Malware Config
Extracted: fickerstealer
game2030.site:80
Targets
Target: mixsix_20210924-083109
Size: 523KB
MD5: 9b0e18017ea35c11d4e477028d8b862a
SHA1: 3ae7f49984dc702af623d39af51a071fba37fd6b
SHA256: 023e18099649da79f4edf0067b155f78effb978f2d4d9d9ff8d5cebcdd656cc1
SHA512: f94efa893f4cb55883a7a9fdb163fefaee5bf7fa8adcccd13ae6da4746564b73b5abc4994a089f0f3d14b0f44475ead7159b0dd42cbb69065429f1500e496763
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext