General

  • Target

    ca383d558c297c28c6808905b72a27d663772ffb8ef0c787c72866dc82e4e0a0

  • Size

    255KB

  • Sample

    220508-t9z5jaceh3

  • MD5

    b3ee5ea799902a9de93c5e26231b2368

  • SHA1

    f526ac7faaf1701ad92dc8d74e21fb6275715945

  • SHA256

    ca383d558c297c28c6808905b72a27d663772ffb8ef0c787c72866dc82e4e0a0

  • SHA512

    67b9563bb83d86efb0022b31ee3fcdb5d1f1084d88d36c01161d7d86e208ca888ca46eb32db2f704bc107dba907ecb29f6f81a984eca27b34293cc03edfce959

Malware Config

Extracted

Family

fickerstealer

C2

185.59.103.34:80

Targets

    • Target

      ca383d558c297c28c6808905b72a27d663772ffb8ef0c787c72866dc82e4e0a0

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Overwriting another thread's register context with SetThreadContext is characteristic of process injection techniques such as process hollowing; the report records the call but gives no further detail.
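The two network indicators above (the external-IP lookup and the extracted C2 at 185.59.103.34:80) can be turned into a host-level correlation check. The following is an added example, not part of the sandbox report or of any detection the sandbox itself runs: it parses a constructed per-process connection log, flags the IP-lookup request, and raises severity when the same process then contacts the C2 within a short window; it also emits a Suricata rule for the C2. The log format, the process names and paths, and the list of IP-lookup hosts are assumptions for illustration; only the C2 IP and port come from the report.

```python
"""Correlate an external-IP lookup with a follow-on C2 contact (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# From the report's extracted config (ip, port).
C2_ENDPOINTS = {("185.59.103.34", 80)}

# Assumption: illustrative list of legitimate IP-lookup services abused by
# stealers to learn the victim's public IP. Not the sandbox's own signature list.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "ifconfig.me", "checkip.amazonaws.com", "ip-api.com",
}

# Constructed sample log, one outbound connection per line:
#   unix_ts|pid|image|dst_ip|dst_port|http_host (empty when no Host/SNI seen)
SAMPLE_LOG = "\n".join([
    r"1652000000.0|4120|C:\Users\victim\AppData\Local\Temp\build.exe|104.26.12.205|443|api.ipify.org",
    r"1652000003.5|4120|C:\Users\victim\AppData\Local\Temp\build.exe|185.59.103.34|80|",
    r"1652000010.0|1288|C:\Program Files\Mozilla Firefox\firefox.exe|142.250.74.46|443|www.google.com",
    r"1652000200.0|2200|C:\Windows\System32\svchost.exe|104.26.12.205|443|api.ipify.org",
])


@dataclass
class Conn:
    ts: float
    pid: int
    image: str
    dst_ip: str
    dst_port: int
    host: str


def parse_log(text):
    """Parse the constructed '|'-separated format into Conn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, image, ip, port, host = line.split("|", 5)
        conns.append(Conn(float(ts), int(pid), image, ip, int(port), host.strip()))
    return conns


def analyze(text, window=60.0):
    """Group connections by pid and score each process.

    severity 'high': the process contacted a configured C2 endpoint.
    severity 'low' : the process only queried an IP-lookup service (noisy on
                     its own; many legitimate tools do this).
    'c2_after_lookup' is set when the C2 contact follows the most recent
    lookup within `window` seconds, the ordering seen with this family.
    Returns {pid: finding_dict}; processes with no indicator are omitted.
    """
    by_pid = defaultdict(list)
    for c in parse_log(text):
        by_pid[c.pid].append(c)

    findings = {}
    for pid, conns in by_pid.items():
        conns.sort(key=lambda c: c.ts)
        last_lookup_ts = None
        f = {"image": conns[0].image, "ip_lookup": False,
             "c2": False, "c2_after_lookup": False}
        for c in conns:
            if c.host.lower() in IP_LOOKUP_HOSTS:
                f["ip_lookup"] = True
                last_lookup_ts = c.ts
            if (c.dst_ip, c.dst_port) in C2_ENDPOINTS:
                f["c2"] = True
                if last_lookup_ts is not None and 0 <= c.ts - last_lookup_ts <= window:
                    f["c2_after_lookup"] = True
        if f["c2"]:
            f["severity"] = "high"
        elif f["ip_lookup"]:
            f["severity"] = "low"
        else:
            continue
        findings[pid] = f
    return findings


def suricata_rule(ip, port, sid):
    """Network-side block/alert for the extracted C2 (sid is an assumed local value)."""
    return (f'alert ip $HOME_NET any -> {ip} {port} '
            f'(msg:"FickerStealer C2 {ip}:{port}"; classtype:trojan-activity; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    for pid, f in analyze(SAMPLE_LOG).items():
        print(pid, f["severity"], f["image"], "c2_after_lookup=%s" % f["c2_after_lookup"])
    for ip, port in C2_ENDPOINTS:
        print(suricata_rule(ip, port, 9000001))
```

On the constructed log, build.exe (pid 4120) is scored high with `c2_after_lookup` set because the C2 connection arrives 3.5 s after the ipify request, while svchost.exe (pid 2200) is only flagged low for the lookup alone; the browser process is not reported. In practice, feed this the HTTP/DNS/connection telemetry of your EDR or Zeek and keep the lookup-only tier for hunting rather than alerting.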

MITRE ATT&CK Matrix

Tasks