General

  • Target

    0b70f2cd2a0df4cf0cb39062d95b1f2e11fa384885f952948653706d219102ce

  • Size

    222KB

  • Sample

    220512-aatnxsdgg7

  • MD5

    1521efbcb7e28ca99cdfeb5d616b6039

  • SHA1

    ad439d5a22300fa61d357491e485da0f2481f2a0

  • SHA256

    0b70f2cd2a0df4cf0cb39062d95b1f2e11fa384885f952948653706d219102ce

  • SHA512

    ca04cf8968a7d31a7d637b9d85bbfe3660ae3fe401104dca4485e283fc42f72f74b944e906be8c3fcceb1d3761dda311fef7420e89946e021a3655f7bc82169c

Malware Config

  • Extracted

    • Family

      fickerstealer

    • C2

      gavrik.club:80

Targets

    • Target

      0b70f2cd2a0df4cf0cb39062d95b1f2e11fa384885f952948653706d219102ce

    • Size

      222KB

    • MD5

      1521efbcb7e28ca99cdfeb5d616b6039

    • SHA1

      ad439d5a22300fa61d357491e485da0f2481f2a0

    • SHA256

      0b70f2cd2a0df4cf0cb39062d95b1f2e11fa384885f952948653706d219102ce

    • SHA512

      ca04cf8968a7d31a7d637b9d85bbfe3660ae3fe401104dca4485e283fc42f72f74b944e906be8c3fcceb1d3761dda311fef7420e89946e021a3655f7bc82169c

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks