General
-
Target
e9b7110334eeff9ee59b644a4cbc8f0bd8e90c5cdb7c6b0c6426cbbd4567176d.zip
-
Size
320KB
-
Sample
221113-2snn6sde64
-
MD5
7d706ed70b00c7f26bad86bf6d1ee077
-
SHA1
ce5a5878cb4dedcbacf231615191e024a1d6f24f
-
SHA256
e4315e7b43f1a26f8050d52cb484a8f4c9f32d5b8046145ebca8c5ef956dd4a7
-
SHA512
d45a0d6eae9908657f0a467feb6e220a040333910aa8e0d98aa47a73a3a1c59d3c5e653518c274b02a13d65cfd9adfddcc8f5627b11551f050208ba75a7da694
-
SSDEEP
6144:OPZvlOQmfw3mvfwTTzcVizOmozTqj4FTswe/gQntEjIzQ:O7OQQq2IPzJN7jQ8/gQyEzQ
Malware Config
Extracted
fickerstealer
fickitc.link:8080
Targets
-
-
Target
e9b7110334eeff9ee59b644a4cbc8f0bd8e90c5cdb7c6b0c6426cbbd4567176d.exe
-
Size
479KB
-
MD5
1f48341ff3031b71e213c19d3fafbc46
-
SHA1
b03f6332adb7098e73be63f54f5b5c36ed0dd1ee
-
SHA256
e9b7110334eeff9ee59b644a4cbc8f0bd8e90c5cdb7c6b0c6426cbbd4567176d
-
SHA512
59b3ed7d8baf3c9f594d20d8c4057329f279f372c1fe0ec05af71b168585a4ff3a48f9b39bdcdc02a3c8e16e3f3dd9b828073473f35219e15effb2c4215b4b89
-
SSDEEP
6144:+4qZR5CH1lgLqTwSuKr0mWshFXsn3o/3I/4ZhuPtrd9UkZlkVEbcfPRSBQGAlc7M:3q3lBK6YBs3i3I/KUt7Uk0VnEBQxt
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-