General

  • Target

    74c51f732df114788aa2f60fff0f5cd0133320216bd2dfebffeb4143243b22e1

  • Size

    254KB

  • Sample

    220507-3d17dscfcm

  • MD5

    bda797ea83fda2c32536557d7704df02

  • SHA1

    92bf0f6ed55a21b9d6dfb506a8cc48885b7b7a34

  • SHA256

    74c51f732df114788aa2f60fff0f5cd0133320216bd2dfebffeb4143243b22e1

  • SHA512

    5c8cc5a629b1d977878cea074d5050a39bbab60edb67dbed12f56afcacfb88b7df468634570c06c1a2743b3f9aa17916f6d210c53f54e9019e78adc1dbdebdd3

Malware Config

Extracted

Family

fickerstealer

C2

gzgbnserv639.xyz:80

Targets

    • Target

      74c51f732df114788aa2f60fff0f5cd0133320216bd2dfebffeb4143243b22e1

    • Size

      254KB

    • MD5

      bda797ea83fda2c32536557d7704df02

    • SHA1

      92bf0f6ed55a21b9d6dfb506a8cc48885b7b7a34

    • SHA256

      74c51f732df114788aa2f60fff0f5cd0133320216bd2dfebffeb4143243b22e1

    • SHA512

      5c8cc5a629b1d977878cea074d5050a39bbab60edb67dbed12f56afcacfb88b7df468634570c06c1a2743b3f9aa17916f6d210c53f54e9019e78adc1dbdebdd3

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Calling it on a thread in another process, typically one started with CREATE_SUSPENDED, is the step that redirects execution to injected code in process hollowing and thread-hijacking injection.
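The indicators above are what a responder would turn into a hunt: the file hashes identify this exact build, and the C2 host plus the external-IP lookup behaviour give a network pattern that survives repacking. The script below is an added example, not part of the sandbox report or of the malware. The hashes and C2 host:port are taken from the report; the set of IP-lookup domains and the proxy log lines (and their format) are constructed assumptions, since the report does not name the lookup service the sample used.

```python
"""Added IOC-matching example for the Ficker stealer report above.
Not part of the sandbox report or the malware. Hash and C2 values come from
the report; IP-lookup hosts, log format and log lines are constructed."""
import hashlib
import re

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "bda797ea83fda2c32536557d7704df02",
    "sha1": "92bf0f6ed55a21b9d6dfb506a8cc48885b7b7a34",
    "sha256": "74c51f732df114788aa2f60fff0f5cd0133320216bd2dfebffeb4143243b22e1",
    "sha512": "5c8cc5a629b1d977878cea074d5050a39bbab60edb67dbed12f56afcacfb88b7df468634570c06c1a2743b3f9aa17916f6d210c53f54e9019e78adc1dbdebdd3",
}
C2_HOST = "gzgbnserv639.xyz"
C2_PORT = 80

# Assumption: common public IP-lookup services. The report only says a
# "legitimate IP lookup service" was used; extend this set for your estate.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Assumed proxy log format: "<timestamp> <src_ip> <host>:<port> <method> <path>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<host>[^:\s]+):(?P<port>\d+) (?P<method>\S+) (?P<path>\S+)$"
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2022-05-07T10:00:01Z 10.0.0.15 api.ipify.org:443 GET /",
    "2022-05-07T10:00:03Z 10.0.0.15 gzgbnserv639.xyz:80 POST /",
    "2022-05-07T10:01:00Z 10.0.0.22 icanhazip.com:443 GET /",
    "2022-05-07T10:02:00Z 10.0.0.30 example.com:443 GET /index.html",
    "malformed line that should be skipped",
]


def hash_matches(data: bytes) -> dict:
    """Hash a byte string with every algorithm listed in the report and
    report, per algorithm, whether it equals the IOC value."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in IOC_HASHES.items()
    }


def scan_proxy_log(lines):
    """Return (src_ip, host, reason) tuples for lines that contact the
    reported C2 host:port or one of the assumed IP-lookup services."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the hunt
        host = m["host"].lower()
        port = int(m["port"])
        if host == C2_HOST and port == C2_PORT:
            hits.append((m["src"], host, "fickerstealer_c2"))
        elif host in IP_LOOKUP_HOSTS:
            hits.append((m["src"], host, "external_ip_lookup"))
    return hits


def correlate(hits):
    """Sources that both looked up their external IP and reached the C2.
    Either signal alone is weak (IP lookups are common); both together
    from one host match the behaviour the report describes."""
    by_src = {}
    for src, _host, reason in hits:
        by_src.setdefault(src, set()).add(reason)
    wanted = {"fickerstealer_c2", "external_ip_lookup"}
    return sorted(src for src, reasons in by_src.items() if wanted <= reasons)


if __name__ == "__main__":
    hits = scan_proxy_log(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print("likely infected:", correlate(hits))
```

Hash matching only catches this exact 254KB build; a repacked or reconfigured sample changes every hash, so treat the hashes as confirmation and the C2 host plus IP-lookup pairing as the hunting signal. Verify any hit by pulling the file and checking all four hashes, since a single weak-hash collision is not proof.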
