General
-
Target
58433f617218ea615f48b5670b6ac8cbbe579e6c71cbb9a4a127f02d8ccb52e6.zip
-
Size
345KB
-
Sample
221113-2snzyade65
-
MD5
38caa5f326797354f54921e897559d0a
-
SHA1
4ef986df78576e6ca2ec7f59660b0117e27e01f8
-
SHA256
b313f641527a2d9ac2986d9e99ed38067c4d465bf242ed8e9d6a746664de94d4
-
SHA512
1f8598d865f70f67606a6d92b111f3bd6c417cc4c398a577099c7959ba15a98e81dde54dcb9705a0e3cd6ebdbd281edd04e57caadcc14ae903bb2a3180cbe3e4
-
SSDEEP
6144:/V8ucyr3gn+NvWk4uZLkcVly4aZBFnXnBoP1OqFuRYfZtL4jCrp6kdF69fpwT:/V8uc43EEWnILkcq4aZB5SFG83L4jCF3
Malware Config
Extracted
fickerstealer
linkappd.link:8080
Targets
-
-
Target
58433f617218ea615f48b5670b6ac8cbbe579e6c71cbb9a4a127f02d8ccb52e6.exe
-
Size
445KB
-
MD5
4ba007b10190fdae6ab529ead92ac85e
-
SHA1
12a3b473e99b258dbf3692467d960ab3b421c71c
-
SHA256
58433f617218ea615f48b5670b6ac8cbbe579e6c71cbb9a4a127f02d8ccb52e6
-
SHA512
9b9abcfc8ec3b8a13bd33c5f3fccd44290dd8ab319e23e36ae5a9ce6c98fed50c0b8fbabdcd2ebaf1ad2dfff822eb0be6d44a0b5de2ac332bcb6faa55ac613ee
-
SSDEEP
6144:7h43lPnBElcXJaq5sWMZVuV1DqUPb49Zva5AFTcK4yJB1S949g7ITsqeewVf6XOO:7OB8cXxuWPqR9ZvwAFTB4yJTt9g7RWl
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-