General
- Target: ab33dd2fe5e133ea982810c86ac78f41572e632a037536e3e908f1cea2483223
- Size: 2.9MB
- Sample: 220511-31rlgadge6
- MD5: 5598027d46551abb118ee343baaa530d
- SHA1: 16907ea747cbaaae64b83b95566e0aba6a022a2c
- SHA256: ab33dd2fe5e133ea982810c86ac78f41572e632a037536e3e908f1cea2483223
- SHA512: 8ba9536a4556ad0aa95cef9a0b5e26d729cdb9e0f03aed5d721358b650e6be0764217d348e4d353276ccfc39e43a0c16d51cd6d7166034f9bb31c6a479880c84
Static task
- static1

Behavioral task
- behavioral1
  - Sample: ab33dd2fe5e133ea982810c86ac78f41572e632a037536e3e908f1cea2483223.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: ab33dd2fe5e133ea982810c86ac78f41572e632a037536e3e908f1cea2483223.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- fickerstealer
- 45.67.231.4:80
Targets
- Target: ab33dd2fe5e133ea982810c86ac78f41572e632a037536e3e908f1cea2483223
Score: 10/10
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger