General

  • Target

    1e44027a981c225935e9ce3beb4e78b58ac11748a136e1a5ebc508d0ac2710dd

  • Size

    369KB

  • Sample

    220508-t91q3affdm

  • MD5

    77afc6e56924e1a39fc7346631b1bcc0

  • SHA1

    cf0a7c9611f12d83ee1dc0f3c4b363f879e0c6c6

  • SHA256

    1e44027a981c225935e9ce3beb4e78b58ac11748a136e1a5ebc508d0ac2710dd

  • SHA512

    7eddb3fbd29b7fd6672ed1a41602cbdae71c24c4f8a0237e2279a0eaee8e9ed141e3a90a50029bddd69f1a49e787b3f19e10cd84ad7d2fcdbedbef8e12d01d57

Malware Config

Extracted

Family

fickerstealer

C2

185.59.103.74:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
