General

  • Target

    322076b46e2369c8da6f7960e24881e30dfa40a452839d566812d6ef9682aae2

  • Size

    554KB

  • Sample

    220510-xjyqkaadak

  • MD5

    6eac3d8707c2c5e558936ca5dde88f4b

  • SHA1

    632486378d91b4687bb404cd685f5d3ad318853b

  • SHA256

    322076b46e2369c8da6f7960e24881e30dfa40a452839d566812d6ef9682aae2

  • SHA512

    72a3eac78474532c7f6ff45240a22adffe81263cf94136134883ec2c87feb7047f15e95a2e160fd059e383cff2fc3e643e4ebf88b7e2845312c30b7459996bcc

Malware Config

Extracted

Family

fickerstealer

C2

functionalrejh.com:80

malletmissile.ru:80
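The hashes and C2 hosts above are the report's indicators. The script below is an added example, not part of the sandbox report, showing how a responder would turn them into a check: hash a candidate file against the listed digests, and scan proxy logs for connections to the two C2 domains (including subdomains). The Squid-style log lines are constructed for illustration; the hash values and hostnames are copied from the report.

```python
"""Match this report's IOCs against a file and proxy logs (added example)."""
import hashlib
import re

# Indicators copied from the report for sample 220510-xjyqkaadak.
SAMPLE_HASHES = {
    "md5": "6eac3d8707c2c5e558936ca5dde88f4b",
    "sha1": "632486378d91b4687bb404cd685f5d3ad318853b",
    "sha256": "322076b46e2369c8da6f7960e24881e30dfa40a452839d566812d6ef9682aae2",
}
C2_HOSTS = {"functionalrejh.com", "malletmissile.ru"}


def hash_bytes(data: bytes) -> dict:
    """Compute MD5/SHA1/SHA256 of in-memory file content."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's corresponding hash."""
    digests = hash_bytes(data)
    return any(digests[k] == v for k, v in SAMPLE_HASHES.items())


# Constructed Squid-style access log lines (not taken from the report).
SAMPLE_LOG = """\
1652180001.123 45 10.0.0.15 TCP_MISS/200 512 GET http://functionalrejh.com/ - HIER_DIRECT/203.0.113.10 text/html
1652180002.456 30 10.0.0.22 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/203.0.113.12 text/html
1652180003.789 50 10.0.0.15 TCP_MISS/200 64 POST http://malletmissile.ru:80/ - HIER_DIRECT/203.0.113.13 text/plain
1652180004.000 20 10.0.0.31 TCP_MISS/200 300 GET http://cdn.example.org/a.js - HIER_DIRECT/203.0.113.14 text/javascript
"""

# Host part of a URL: stops at the first '/', ':' (port) or whitespace.
HOST_RE = re.compile(r"https?://([^/:\s]+)")


def is_c2_host(host: str) -> bool:
    """Exact match or subdomain of a listed C2 domain."""
    host = host.lower().rstrip(".")
    return host in C2_HOSTS or any(host.endswith("." + c2) for c2 in C2_HOSTS)


def find_c2_hits(log_text: str) -> list:
    """Return (client_ip, host) for every log line that reaches a C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = HOST_RE.search(line)
        if not m:
            continue
        host = m.group(1)
        if is_c2_host(host):
            client_ip = line.split()[2]  # third field in this log format
            hits.append((client_ip, host.lower()))
    return hits


if __name__ == "__main__":
    for ip, host in find_c2_hits(SAMPLE_LOG):
        print(f"C2 contact: {ip} -> {host}")
```

The port suffix (":80") in the report's C2 entries is stripped by the regex on purpose: matching on the hostname alone catches the same infrastructure if the operators move the listener to another port.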

Targets

    • Target

      322076b46e2369c8da6f7960e24881e30dfa40a452839d566812d6ef9682aae2

    • Size

      554KB

    • MD5

      6eac3d8707c2c5e558936ca5dde88f4b

    • SHA1

      632486378d91b4687bb404cd685f5d3ad318853b

    • SHA256

      322076b46e2369c8da6f7960e24881e30dfa40a452839d566812d6ef9682aae2

    • SHA512

      72a3eac78474532c7f6ff45240a22adffe81263cf94136134883ec2c87feb7047f15e95a2e160fd059e383cff2fc3e643e4ebf88b7e2845312c30b7459996bcc

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
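The "UPX packed file" signature above is a static check on the PE header. As an added example (not the sandbox's own detection logic), the code below parses the section table of a PE image and flags the section names UPX emits (UPX0, UPX1) together with the "UPX!" marker UPX writes into its pack header. The minimal PE built by build_minimal_pe is constructed for testing the parser only; it is a header-only image, not the sample from this report.

```python
"""Static UPX indicators from a PE section table (added example)."""
import struct

DOS_E_LFANEW = 0x3C          # offset of the PE header pointer in the DOS header
COFF_HEADER_LEN = 20         # IMAGE_FILE_HEADER size
SECTION_HEADER_LEN = 40      # IMAGE_SECTION_HEADER size


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, in table order."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, DOS_E_LFANEW)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + COFF_HEADER_LEN + opt_size
    names = []
    for i in range(nsec):
        off = table + i * SECTION_HEADER_LEN
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the two cheap UPX tells: section names and the pack-header magic."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_minimal_pe(section_names) -> bytes:
    """Construct a header-only PE image (not runnable) for exercising the parser."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * 0x3E)           # 64-byte DOS header
    struct.pack_into("<I", dos, DOS_E_LFANEW, e_lfanew)
    # i386 machine type, no optional header, EXECUTABLE_IMAGE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(
        n.encode("ascii").ljust(8, b"\0") + b"\0" * (SECTION_HEADER_LEN - 8)
        for n in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else build_minimal_pe(["UPX0", "UPX1", ".rsrc"])
    print(upx_indicators(blob), "packed:", looks_upx_packed(blob))
```

Both tells are trivial to remove, which is why the sandbox signature also covers "modified UPX": a rebuilt packer can rename the sections and strip the magic. Treat a positive here as a reason to unpack and look further, and a negative as no evidence either way.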
