General
-
Target
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389
-
Size
315KB
-
Sample
220512-svh22aaab4
-
MD5
9693b8764880fc6795d5077e0fb73206
-
SHA1
0cd2059ac8bc35c8c5a22b779c1015623c85e753
-
SHA256
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389
-
SHA512
ab7f75b3587dc52962057d86988acaddb3e25ad7ecf9af26460039c796f96764f877cc5d80b1b780f8828e67bc5dd94f40b952c5e9e20d013a9e53b44b609a7b
Static task
static1
Behavioral task
behavioral1
Sample
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
fickerstealer
gzgbnserv639.xyz:80
Targets
-
-
Target
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389
-
Size
315KB
-
MD5
9693b8764880fc6795d5077e0fb73206
-
SHA1
0cd2059ac8bc35c8c5a22b779c1015623c85e753
-
SHA256
b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389
-
SHA512
ab7f75b3587dc52962057d86988acaddb3e25ad7ecf9af26460039c796f96764f877cc5d80b1b780f8828e67bc5dd94f40b952c5e9e20d013a9e53b44b609a7b
Score10/10-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-