General

  • Target: 2a99cf8cc0252a9e972c5a93609bd0b3ba5800338503a05595e39682da47464d
  • Size: 219KB
  • Sample: 220508-ccyf1afbfm
  • MD5: 6512ebe7b578ae11b38cce8957de8d7b
  • SHA1: 09f64707ad7b52e7040e61dd494c545052eeb484
  • SHA256: 2a99cf8cc0252a9e972c5a93609bd0b3ba5800338503a05595e39682da47464d
  • SHA512: f8b78d5095f33c3992e05dd2845b36061a9cbccb41cdcfeb5a62a659b810693737b224a5b3edccfd316b6dccf3ac1e768e7bc1850f6a696597485a1ba6b97f66

Malware Config

Extracted

  • Family: fickerstealer
  • C2: gavrik.club:80

Targets

  • Fickerstealer: Ficker is an infostealer written in Rust and ASM.
  • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
  • Suspicious use of SetThreadContext
