General

  • Target

    new.exe

  • Size

    724KB

  • Sample

    220512-r9g8lshba6

  • MD5

    dd00fbe10108e476d10b621c7dcbb4d9

  • SHA1

    cc28d3f5f5ef6c6ccba04af2e1d4eaa1c2d315b4

  • SHA256

    363f2334158ff1b401efb71df8d7f8a4216eb5f6be5a1cd6fc86e9499d4d670a

  • SHA512

    d742f5be149f9b3fd419a331ea26fa889bfff20ecb95a208e50364a8d35e61456bddb13313fe4d771fa702a3ed48d1d7f3d57bf9a54902ddc235574a4256bdc2

Malware Config (extracted)

  • Family

    fickerstealer

  • C2

    deniedfight.com:80

Targets


    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
