fickerstealer | acddba3adcfc5a958f149a35603ae3225806371f34ad090ddff395583fa623fe | Triage

Sharing

General

Target

12bb8ed4385c0e52f3e43b54a87f1ce80c829e3de44e1586dfabfedccf67ec2b.zip
Size

271KB
Sample

221114-lqg6lsbf3y
MD5

bc34574686db4a52da2ecf65a4ab2185
SHA1

0a4c2ff3a956adb1dfa1e9ea6b9b8ba537b39d69
SHA256

acddba3adcfc5a958f149a35603ae3225806371f34ad090ddff395583fa623fe
SHA512

0d307ceb621a5ab56606e4040a7fc9bd1ae2de99168ded27da2c46ef5cf0c69196c541315cdf203bc0b7f5f62d5d79f15470d370a0a686fd4102f5d4b32f0a70
SSDEEP

6144:2w8uLJhGcCRBB052ROQYGJNXTRWX6zW9vj9:2wlLJBC+w3/jDRWBvj9

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

game2030.site:80

Targets

- Target
  
  12bb8ed4385c0e52f3e43b54a87f1ce80c829e3de44e1586dfabfedccf67ec2b.exe
- Size
  
  434KB
- MD5
  
  b73194a81a9a57c97c6615faef5c4415
- SHA1
  
  68c6474188f587dcc146898543e564566b646d82
- SHA256
  
  12bb8ed4385c0e52f3e43b54a87f1ce80c829e3de44e1586dfabfedccf67ec2b
- SHA512
  
  a91655017021a2d99c395a61eeab50074b9cc4ef98062a6c67e9571afac3cdd1df5ca2cb9b5e6db89e867fc9cb1a7a4abf71e268a2009e9556539604fef6c14c
- SSDEEP
  
  6144:9BshZeNLwDLlKC0uv292QxV8bKkSwnrYAYMW0rLAb56dpLN4XQKJ3:rAsNUKW0TxmtrzYMW0rw3
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer