General

  • Target

    aebc8e1a7d4035ad751230943d64dfa0f0bb6db96dbb5a5610e82c4c533dab27

  • Size

    316KB

  • Sample

    220512-n5185sdfc2

  • MD5

    2834a729314ab5b1974b197bc018f7e4

  • SHA1

    1a5c9350da60924a461940ac767a2e47795170c0

  • SHA256

    aebc8e1a7d4035ad751230943d64dfa0f0bb6db96dbb5a5610e82c4c533dab27

  • SHA512

    9815275b0b80c9f9c077f18f1047b649eb70ced287806bd0209e221e6d6f1aa3181c727b7638f225f4ce5c4c4b52c930b93e965fab7e7ea8a1d665996194c103

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    gzgbnserv639.xyz:80

Targets

    • Target

      aebc8e1a7d4035ad751230943d64dfa0f0bb6db96dbb5a5610e82c4c533dab27

    • Size

      316KB

    • MD5

      2834a729314ab5b1974b197bc018f7e4

    • SHA1

      1a5c9350da60924a461940ac767a2e47795170c0

    • SHA256

      aebc8e1a7d4035ad751230943d64dfa0f0bb6db96dbb5a5610e82c4c533dab27

    • SHA512

      9815275b0b80c9f9c077f18f1047b649eb70ced287806bd0209e221e6d6f1aa3181c727b7638f225f4ce5c4c4b52c930b93e965fab7e7ea8a1d665996194c103

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks