General
Target: 578412e48060578083b8066894138fb71c492dd3606daeef0dc68e73f9aa9c90
Size: 256KB
Sample: 220507-1l47xafee5
MD5: 4dba0d2093a6f505cf8600c21f867d6d
SHA1: e617afa54224df7bdce1e7a5253c4aa2e49c3a38
SHA256: 578412e48060578083b8066894138fb71c492dd3606daeef0dc68e73f9aa9c90
SHA512: 77a0ba835aacfeeb19e3162bfc728a1b682d2e1bfc6c20a39e7f638c91da049b58b7376ce765d6cc443e6cfeff12493e5814d5c1054b472ef96b3df29997c085
Static task: static1

Behavioral task: behavioral1
Sample: 578412e48060578083b8066894138fb71c492dd3606daeef0dc68e73f9aa9c90.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 578412e48060578083b8066894138fb71c492dd3606daeef0dc68e73f9aa9c90.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
fickerstealer
gzgbnserv639.xyz:80
Targets
Score: 10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext