General

  • Target

    44c2a6e2123242c6330d3788889cf5216fb71ce0ff2a4823590342e8d3a347f6

  • Size

    254KB

  • Sample

    220508-t3qmhscdc2

  • MD5

    340d6a908fec5ec76341d3daf81860ca

  • SHA1

    c7477aab8e5181b5368ab0d16313a0162cdcda2c

  • SHA256

    44c2a6e2123242c6330d3788889cf5216fb71ce0ff2a4823590342e8d3a347f6

  • SHA512

    007254116e2e2fffb572d3d488c9e358e14aeb6be79258674456e6c706defc0bf65acaa854d2897cdd8f3f83449d5274ac438e75996ee7994bafe515f3665bb8

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    sdgserv29.xyz:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
