fickerstealer | 109e87e959b50f93eca14cde49214581e74fefdef85e891ae02ba84141acc013 | Triage

Sharing

General

Target

8a2365761853f027da2895b4f4a24f7f988255b00b837fe6caa6e8a5a067e99c.zip
Size

284KB
Sample

221114-lqhr5sbf31
MD5

852ccb34fb53ab915eb77366c4507760
SHA1

1f76ca010b08892fd787a53a4694356c064644b8
SHA256

109e87e959b50f93eca14cde49214581e74fefdef85e891ae02ba84141acc013
SHA512

c4fee24447c253f28ed5ba2c1f9b22a8fa9ab2b5b0a186cd42e0d887a2d07ea52b85b893c16f65eadbf55ac4cbf561c9efc48a265bc436213b61d3d3e832d789
SSDEEP

6144:K3JusTScltSoe8Y/GmnaXNxvRRkA/8ituUd4d+fmGdl5KnbA1vIu:gw7cTtCeNxpRxEitnOYfm2l9

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

asfasfvcxvdbs.com:80

Targets

- Target
  
  8a2365761853f027da2895b4f4a24f7f988255b00b837fe6caa6e8a5a067e99c.exe
- Size
  
  470KB
- MD5
  
  48ede083fc71d65ecccebaa824fd1dc0
- SHA1
  
  14a6353634af2037c180a7d14bd1d312b51e34d4
- SHA256
  
  8a2365761853f027da2895b4f4a24f7f988255b00b837fe6caa6e8a5a067e99c
- SHA512
  
  6061aa977ef35085bd056cc7d9ab5243c8e93a466cf54361c64bdcb84ce80d8a4f1f33813a87f0de2668f2b1ab2ec0dced87c612e10a369807b27e53413fb6ee
- SSDEEP
  
  6144:W+06dFf/CW9ELXwOFqLhWg/Tae+kAevdXaW0rLFb56dpLN4XQKJ3:rdF99s/q1B2oAelXaW0rN3
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer