fickerstealer | aeaff06fcb7f3389aacedaee2d7a29054a12cad6ea0c11045210966b96e3949a

Analysis

Target

033.exe
Size

630KB
MD5

fe8503810070e647005e051cc1f923e7
SHA1

480faacd724fc8d1abe0da9e3975c6f7553d0166
SHA256

aeaff06fcb7f3389aacedaee2d7a29054a12cad6ea0c11045210966b96e3949a
SHA512

7a73bc35fc3c5e822475534f6d723c67ed9b1e6d84b97e88a578b21be9320bbe5978d46c489be983d06ff2fa6b6e468c3d53e04409c4eebdcf5fffa24510c4d7

Score

10^/10

Family

fickerstealer

deniedfight.com:80

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
15	api.ipify.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4688 set thread context of 392	4688	033.exe	83

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83
PID 4688 wrote to memory of 392	4688	033.exe	83

C:\Users\Admin\AppData\Local\Temp\033.exe
"C:\Users\Admin\AppData\Local\Temp\033.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Users\Admin\AppData\Local\Temp\033.exe
  "C:\Users\Admin\AppData\Local\Temp\033.exe"
  2⤵
  PID:392

memory/392-131-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/392-135-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/392-136-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/4688-133-0x0000000000A99000-0x0000000000AC1000-memory.dmp

Filesize
160KB

Download
memory/4688-134-0x00000000009A0000-0x00000000009E5000-memory.dmp

Filesize
276KB

Download