General

  • Target

    578412e48060578083b8066894138fb71c492dd3606daeef0dc68e73f9aa9c90

  • Size

    256KB

  • Sample

    220507-1l47xafee5

  • MD5

    4dba0d2093a6f505cf8600c21f867d6d

  • SHA1

    e617afa54224df7bdce1e7a5253c4aa2e49c3a38

  • SHA256

    578412e48060578083b8066894138fb71c492dd3606daeef0dc68e73f9aa9c90

  • SHA512

    77a0ba835aacfeeb19e3162bfc728a1b682d2e1bfc6c20a39e7f638c91da049b58b7376ce765d6cc443e6cfeff12493e5814d5c1054b472ef96b3df29997c085

Malware Config

Extracted

Family

fickerstealer

C2

gzgbnserv639.xyz:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks