General

Target: 19b0486caa9d36d7a358a25fffc5c549e95ad922ec7068667744ffcd206b2539
Size: 3.2MB
Sample: 220630-3dgsradha5
MD5: 00f73ae5d08c848ed4df5ca8e4a40133
SHA1: 7c9fe77827aefc421887a02450133becc1049ef5
SHA256: 19b0486caa9d36d7a358a25fffc5c549e95ad922ec7068667744ffcd206b2539
SHA512: 2c5118a8648b94e551b2e9d63621f495b7dfac93bf2d5088c4813a7d73d5376c07c74cb350d1b99bfa41ea2c1ac8e3f7188569418aca6f03d8b7ea7c66b236be
Static task: static1

Behavioral task: behavioral1
Sample: 19b0486caa9d36d7a358a25fffc5c549e95ad922ec7068667744ffcd206b2539.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 19b0486caa9d36d7a358a25fffc5c549e95ad922ec7068667744ffcd206b2539.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted family: fickerstealer
C2: 45.67.231.4:80
Targets

Target: 19b0486caa9d36d7a358a25fffc5c549e95ad922ec7068667744ffcd206b2539
Size: 3.2MB
MD5: 00f73ae5d08c848ed4df5ca8e4a40133
SHA1: 7c9fe77827aefc421887a02450133becc1049ef5
SHA256: 19b0486caa9d36d7a358a25fffc5c549e95ad922ec7068667744ffcd206b2539
SHA512: 2c5118a8648b94e551b2e9d63621f495b7dfac93bf2d5088c4813a7d73d5376c07c74cb350d1b99bfa41ea2c1ac8e3f7188569418aca6f03d8b7ea7c66b236be
Score: 10/10

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM)
VirtualBox guests expose ACPI tables whose OEM identifier is VBOX__ under HKLM\HARDWARE\ACPI; reading these keys is a common sandbox/VM check.

Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the thread from delivering debug events to an attached debugger; a common anti-debugging technique.
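The following is an added example, not part of the sandbox report: it turns the report's extracted C2 and the four behavioural signatures into checks that run over a sandbox API trace. The "api|args" trace format and the sample trace lines are constructed for this example; the list of IP-lookup hosts and the set of BIOS value names checked are assumptions, since the report names the behaviours but not the exact keys or services the sample touched.

```python
"""Added example (not part of the sandbox report): map the report's findings
to checks over a sandbox API trace. The "api|args" line format and the sample
lines below are constructed for illustration."""
import re

# Indicators taken from the report above.
SAMPLE_SHA256 = "19b0486caa9d36d7a358a25fffc5c549e95ad922ec7068667744ffcd206b2539"
C2_HOST, C2_PORT = "45.67.231.4", 80

# THREADINFOCLASS ThreadHideFromDebugger is 0x11; a thread set this way no
# longer delivers debug events, which is the anti-debug signature above.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry paths the anti-VM and BIOS-check signatures refer to.
ACPI_VBOX_RE = re.compile(r"HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)
BIOS_RE = re.compile(
    r"HKLM\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)",
    re.I,
)
# Assumption: common public IP-lookup services; the report does not name one.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io"}

# Constructed trace lines in the hypothetical "api|args" format.
SAMPLE_TRACE = """\
NtQueryValueKey|HKLM\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion
NtOpenKey|HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__
NtSetInformationThread|ThreadHandle=0xffffffff|ThreadInformationClass=0x11
InternetOpenUrlA|http://api.ipify.org/
connect|45.67.231.4:80
"""


def classify_trace(trace: str) -> set:
    """Return the set of signature tags triggered by the trace lines."""
    hits = set()
    for line in trace.splitlines():
        api, _, args = line.partition("|")
        if api == "NtSetInformationThread":
            m = re.search(r"ThreadInformationClass=(0x[0-9a-fA-F]+|\d+)", args)
            if m and int(m.group(1), 0) == THREAD_HIDE_FROM_DEBUGGER:
                hits.add("anti_debug_hide_thread")
        elif ACPI_VBOX_RE.search(args):
            hits.add("anti_vm_acpi_vbox")
        elif BIOS_RE.search(args):
            hits.add("bios_registry_check")
        elif any(host in args for host in IP_LOOKUP_HOSTS):
            hits.add("external_ip_lookup")
        elif api == "connect" and args == f"{C2_HOST}:{C2_PORT}":
            hits.add("c2_connect")
    return hits


if __name__ == "__main__":
    for tag in sorted(classify_trace(SAMPLE_TRACE)):
        print(tag)
```

Only the exact information class 0x11 counts as the anti-debug hit; other NtSetInformationThread calls are ignored, which keeps the check from firing on ordinary thread priority or affinity changes.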