General

  • Target

    new.exe

  • Size

    1.1MB

  • Sample

    220517-yymghsbfcr

  • MD5

    3d01c08ee6b19b55fd24de82cc56ac5b

  • SHA1

    f35d512bda07259eb561740813399531c48cbf92

  • SHA256

    271a678d114dfc9425c18e14bde0b782fe19a7d6cb3184f911c0ac34f8d6f48e

  • SHA512

    abe55939ca92afc6207c25dedcaa5175b7966a37b8563211defba75bd6576585e8b33a42bb486a5d75e4c70cac2beb8233ee1421f863a2f3070a0a7db8aad7eb

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    deniedfight.com:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks