fickerstealer | f25bd2621fef9ec7fcac9d0d4329d92e8024db42debc9ece9c877c5804b987b2 | Triage

Sharing

General

Target

e9b7110334eeff9ee59b644a4cbc8f0bd8e90c5cdb7c6b0c6426cbbd4567176d.zip
Size

320KB
Sample

221114-lqh3xabf4w
MD5

4f29af64be38bf4c67729e2edbcf2098
SHA1

ee91bcf3bf93f5368f0df0f34e732a032c7cda5a
SHA256

f25bd2621fef9ec7fcac9d0d4329d92e8024db42debc9ece9c877c5804b987b2
SHA512

514fad2f7b4a3436d24deda7f0635d65bc079e16b94ad9230bfa22f14fbbad47d3314135871d8e07d4a013f8795eb4eef37c5a589dd198cc1796e2a33d377086
SSDEEP

6144:PIonNoCUVCHhMoBeKiv+i4GxA3Osrqz1SuzWQOWsgGBfVgzq+tFxA:PIk8CHhMoBep4ws4tzWQWg+fOzq+tFa

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

fickitc.link:8080

Targets

- Target
  
  e9b7110334eeff9ee59b644a4cbc8f0bd8e90c5cdb7c6b0c6426cbbd4567176d.exe
- Size
  
  479KB
- MD5
  
  1f48341ff3031b71e213c19d3fafbc46
- SHA1
  
  b03f6332adb7098e73be63f54f5b5c36ed0dd1ee
- SHA256
  
  e9b7110334eeff9ee59b644a4cbc8f0bd8e90c5cdb7c6b0c6426cbbd4567176d
- SHA512
  
  59b3ed7d8baf3c9f594d20d8c4057329f279f372c1fe0ec05af71b168585a4ff3a48f9b39bdcdc02a3c8e16e3f3dd9b828073473f35219e15effb2c4215b4b89
- SSDEEP
  
  6144:+4qZR5CH1lgLqTwSuKr0mWshFXsn3o/3I/4ZhuPtrd9UkZlkVEbcfPRSBQGAlc7M:3q3lBK6YBs3i3I/KUt7Uk0VnEBQxt
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer