General
-
Target
mixsix_20210924-233459
-
Size
526KB
-
Sample
210926-nzqkfsegbl
-
MD5
5f6fa8274dfa727362e6bfe5953bdc4a
-
SHA1
a9ab2ea1e972988f4d2d47a5b82138d2e16d0e8c
-
SHA256
9eb11a49b41fd31e9307d8d395dbd536e885378a107c57c61427adf93faae4df
-
SHA512
8e9c93df405bb22f21c9ed979dd86fcede363270a40ea19fb396c821040c6f443d9a48a9b474c33e5883a9f3a46d3569b7fd4688fde680d58b7e6207ec595a1d
Static task
static1
Behavioral task
behavioral1
Sample
mixsix_20210924-233459.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
mixsix_20210924-233459.exe
Resource
win10v20210408
Malware Config
Extracted
fickerstealer
game2030.site:80
Targets
-
-
Target
mixsix_20210924-233459
-
Size
526KB
-
MD5
5f6fa8274dfa727362e6bfe5953bdc4a
-
SHA1
a9ab2ea1e972988f4d2d47a5b82138d2e16d0e8c
-
SHA256
9eb11a49b41fd31e9307d8d395dbd536e885378a107c57c61427adf93faae4df
-
SHA512
8e9c93df405bb22f21c9ed979dd86fcede363270a40ea19fb396c821040c6f443d9a48a9b474c33e5883a9f3a46d3569b7fd4688fde680d58b7e6207ec595a1d
-
suricata: ET MALWARE Win32/Ficker Stealer Activity M3
suricata: ET MALWARE Win32/Ficker Stealer Activity M3
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-