General
-
Target
c97fcc9955c7fe0196ea18f7c66717e42e3b5ebb4636364578bb616b6e6c51e3
-
Size
225KB
-
Sample
220507-1qe4ksaddn
-
MD5
3dd3bc7970d584fc207bd98cec7ed959
-
SHA1
1fc2566363dd4517f00b71c8ab7cf1aa6fb129a6
-
SHA256
c97fcc9955c7fe0196ea18f7c66717e42e3b5ebb4636364578bb616b6e6c51e3
-
SHA512
931458d1f005bf6c80e73a0d8c2dc6d52f551955de3f980cb3f22d470468cd8717ff19b139dc10dce392ee38b629598fd1b5f0a7bdd9b49ebbb4d70ba717b0c6
Static task
static1
Behavioral task
behavioral1
Sample
c97fcc9955c7fe0196ea18f7c66717e42e3b5ebb4636364578bb616b6e6c51e3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
c97fcc9955c7fe0196ea18f7c66717e42e3b5ebb4636364578bb616b6e6c51e3.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
fickerstealer
gzgbnserv639.xyz:80
Targets
-
-
Target
c97fcc9955c7fe0196ea18f7c66717e42e3b5ebb4636364578bb616b6e6c51e3
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-