Overview

overview

10

Static

static

59a6c1ed33...e5.exe

windows7-x64

10

59a6c1ed33...e5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-10-2022 06:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59a6c1ed3330380a2e3c7671029777e5.exe

  • Size

    375KB

  • MD5

    59a6c1ed3330380a2e3c7671029777e5

  • SHA1

    71cc876b0003c55b548f9de7fde38c14a33e7a74

  • SHA256

    3b9208447ad1e6a191918e6e2b71d26566ec3dd62ed3e2c1145c7bbdc786da3d

  • SHA512

    2a7412bd5fdefb11852dba39db00491f9ee97a896b58e810691509782cc065d2e08564036e28b0b9fcda9410feb3c753364b3aad61026d2c3fcffad0069a1c8f

  • SSDEEP

    6144:ztcTLgoQG1PuXv5OAikSItDFXF4SOsCXxMlgEi:ztkkoQG1uf5OALtlF0JXxMGEi

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

kefkfkf.link:8080

Signatures

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59a6c1ed3330380a2e3c7671029777e5.exe
    "C:\Users\Admin\AppData\Local\Temp\59a6c1ed3330380a2e3c7671029777e5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Users\Admin\AppData\Local\Temp\59a6c1ed3330380a2e3c7671029777e5.exe
      "C:\Users\Admin\AppData\Local\Temp\59a6c1ed3330380a2e3c7671029777e5.exe"
      2⤵
        PID:980

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/980-54-0x0000000000400000-0x0000000000466000-memory.dmp

      Filesize

      408KB

      Download

    • memory/980-55-0x00000000004014C0-mapping.dmp

      Download

    • memory/980-59-0x0000000000400000-0x0000000000466000-memory.dmp

      Filesize

      408KB

      Download

    • memory/980-60-0x0000000076071000-0x0000000076073000-memory.dmp

      Filesize

      8KB

      Download

    • memory/980-61-0x0000000000400000-0x0000000000466000-memory.dmp

      Filesize

      408KB

      Download

    • memory/980-62-0x0000000000400000-0x0000000000466000-memory.dmp

      Filesize

      408KB

      Download

    • memory/1368-56-0x0000000002DD9000-0x0000000002E0F000-memory.dmp

      Filesize

      216KB

      Download

    • memory/1368-58-0x0000000000220000-0x0000000000282000-memory.dmp

      Filesize

      392KB

      Download