Overview

overview

10

Static

static

6df186c3d5...db.exe

windows7-x64

10

6df186c3d5...db.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6df186c3d5c563f492abed3e125ba4603f726bd1d257d4343f59d1584c0736db.zip

  • Size

    340KB

  • Sample

    221113-2snzyagf6z

  • MD5

    399e2cbcf5c1f9b23b95fbcc8eb1ec7a

  • SHA1

    bb3dbf4dabba5b0d11e301dc95bec5d28f6f4fd1

  • SHA256

    628f52d5db25e701dff7f39e4b49637f92d9d4b17b6014a276896344d7f46d18

  • SHA512

    2c14205e5fdc169d2b7b85f39cfdee64b43e662f7d24dfeb8a6c5b4e47309130e270bd4016328693fab16f1779af96d99d312f504916eb2b9def7c5519e7a2f6

  • SSDEEP

    6144:XTQUUxQrJXKTo+jyJ6NvGW0szRCosu12pAVA5fLg7LdOlS+J+:MUXr9K/+OzZ2pAqGdAS+J+

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

fickitc.link:8080

Targets

    • Target

      6df186c3d5c563f492abed3e125ba4603f726bd1d257d4343f59d1584c0736db.exe

    • Size

      508KB

    • MD5

      88367344c224ae3ed9030cfcb389184a

    • SHA1

      a9b8a7f5ce5059e1423b5399199d3f7398956329

    • SHA256

      6df186c3d5c563f492abed3e125ba4603f726bd1d257d4343f59d1584c0736db

    • SHA512

      a41cfa28fe323d3e69cf94145e97a41df59bff253acd7e377602d0cdfcf93416b8df0cc7c18c8514be8fd9999092124d132ac374e43110afc3d6a55d362e2f38

    • SSDEEP

      6144:g/1z+5QuL0f5QjKeVgv+v8mZFU2WKXFetnnOX7DKjimqcZfRPJXwOu1qlb:g/l8Qf5ct8A9WkFAnOXSqSJUqlb

    Score
    10/10
    fickerstealerinfostealer

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks