General

  • Target

    c97fcc9955c7fe0196ea18f7c66717e42e3b5ebb4636364578bb616b6e6c51e3

  • Size

    225KB

  • Sample

    220507-1qe4ksaddn

  • MD5

    3dd3bc7970d584fc207bd98cec7ed959

  • SHA1

    1fc2566363dd4517f00b71c8ab7cf1aa6fb129a6

  • SHA256

    c97fcc9955c7fe0196ea18f7c66717e42e3b5ebb4636364578bb616b6e6c51e3

  • SHA512

    931458d1f005bf6c80e73a0d8c2dc6d52f551955de3f980cb3f22d470468cd8717ff19b139dc10dce392ee38b629598fd1b5f0a7bdd9b49ebbb4d70ba717b0c6

Malware Config

Extracted

Family

fickerstealer

C2

gzgbnserv639.xyz:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
