General

Target: 651227ea1d7bd25e56aadef523689311de2aafae5ecfb9d6b5977d8ce30edbde
Size: 8.1MB
Sample: 220508-t2lbeafdbj
MD5: d1e32649d8edf5f79028f067468ee9e0
SHA1: 62d920af35f70e81a29a301e326f5ad2853dfa69
SHA256: 651227ea1d7bd25e56aadef523689311de2aafae5ecfb9d6b5977d8ce30edbde
SHA512: d329625a9cd5cd1b05ae23553e697946e7dd8cf9365ec8822c0576df4fd4d7965f45fb7492d4d51cc60715f0cd7494f33f28f8809919ae6c8ac61027b6025fac
Static task: static1

Behavioral task: behavioral1
Sample: 651227ea1d7bd25e56aadef523689311de2aafae5ecfb9d6b5977d8ce30edbde.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 651227ea1d7bd25e56aadef523689311de2aafae5ecfb9d6b5977d8ce30edbde.exe
Resource: win10v2004-20220414-en

Malware Config

Extracted family: fickerstealer
C2: 45.67.231.4:80
Targets

Target: 651227ea1d7bd25e56aadef523689311de2aafae5ecfb9d6b5977d8ce30edbde
Score: 10/10

Signatures:

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of NtSetInformationThread (HideFromDebugger)