General

  • Target

    b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389

  • Size

    315KB

  • Sample

    220512-svh22aaab4

  • MD5

    9693b8764880fc6795d5077e0fb73206

  • SHA1

    0cd2059ac8bc35c8c5a22b779c1015623c85e753

  • SHA256

    b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389

  • SHA512

    ab7f75b3587dc52962057d86988acaddb3e25ad7ecf9af26460039c796f96764f877cc5d80b1b780f8828e67bc5dd94f40b952c5e9e20d013a9e53b44b609a7b

Malware Config

Extracted

Family

fickerstealer

C2

gzgbnserv639.xyz:80

Targets

    • Target

      b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389

    • Size

      315KB

    • MD5

      9693b8764880fc6795d5077e0fb73206

    • SHA1

      0cd2059ac8bc35c8c5a22b779c1015623c85e753

    • SHA256

      b7f7f59aa9c67b87c59788e0c39fd0c545717403f92123f8d5ab94a3b0573389

    • SHA512

      ab7f75b3587dc52962057d86988acaddb3e25ad7ecf9af26460039c796f96764f877cc5d80b1b780f8828e67bc5dd94f40b952c5e9e20d013a9e53b44b609a7b

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks