General

  • Target

    a29fba4bd638c25716e64580f929358961064a32644970bc8e0bcca3ca814b1a

  • Size

    220KB

  • Sample

    220507-27gjeahfa8

  • MD5

    625923a8450e9e451007807434d73700

  • SHA1

    95951876a44ad983772629b4ee6154a7fc5a02d2

  • SHA256

    a29fba4bd638c25716e64580f929358961064a32644970bc8e0bcca3ca814b1a

  • SHA512

    30ba9104339135dc2fbbbf1070c97ed813ef1bc4b4a03f388c6bce64d4f764eef9ad4e443cc8c7f6db93eab8b1d0d0c9e44f68c89428ad6bbfc4d3afcd12b4ca

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    gzgbnserv639.xyz:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
