General

  • Target

    794c302c675c9d3ecf9cd5dbb7ec496d575be99196fed86a02902a31eb37b90a

  • Size

    373KB

  • Sample

    220508-t92claceh4

  • MD5

    537c7daa20917ca5d03af57fbb3cb1e2

  • SHA1

    3fbd3863f09e3d18b257f530f8a162b228024ae8

  • SHA256

    794c302c675c9d3ecf9cd5dbb7ec496d575be99196fed86a02902a31eb37b90a

  • SHA512

    faf473a0870ab015b3bd92f823277e0c0a415f2c6ea6f0c9898217af1d57f1afe25081e5f3fae51ab7ca4b53946663d6d7b9374e1b1f882b251bc494468506e8

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    79.110.52.39:80

Targets


    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks