General
- Target: 52241b7a6707a79755e1386a26bce09c.exe
- Size: 502KB
- Sample: 211021-wpq28sbecm
- MD5: 52241b7a6707a79755e1386a26bce09c
- SHA1: bd2f102d6f10cde689835418f213db6b0713c2cd
- SHA256: 0e01d2215e00c2a03a93b72a13476c588fbd383d4367e3d85265969e65dff388
- SHA512: b4f781a8344d9db9ba3ee6d54c9a2c614a3b0699c05f527b1cfd22775613c8f902eb95553b7f3a56b8a1b5b6b7715b0491159d8bcc9dc712129512551d65ea05
Static task: static1
Behavioral task: behavioral1
- Sample: 52241b7a6707a79755e1386a26bce09c.exe
- Resource: win7-en-20210920
Behavioral task: behavioral2
- Sample: 52241b7a6707a79755e1386a26bce09c.exe
- Resource: win10-en-20211014
Malware Config
Extracted: fickerstealer
- game2030.site:80
Extracted: arkei
- Default: http://gurums.online/ggate.php
Targets
- Target: 52241b7a6707a79755e1386a26bce09c.exe (502KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE Win32/Ficker Stealer Activity M3
- Arkei Stealer Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext