General
-
Target
58433f617218ea615f48b5670b6ac8cbbe579e6c71cbb9a4a127f02d8ccb52e6.zip
-
Size
345KB
-
Sample
221114-lqjdnsbf4x
-
MD5
f1634624101355b9ac9d14e5df2fdf45
-
SHA1
2b3d7afc1b9c452068431cd1bbbaff51cc12251e
-
SHA256
d368fffe9d55fd9857572f7a17228813958149ab1a5d45a007c097c743dce0a7
-
SHA512
be8f20d16bfd934ffd89644dd7da031520df83986869f632d1609de560795ac143fc8c3f58aca1f7ab7f8cd437e62607277f09073b8120afff316c81ab49a5e4
-
SSDEEP
6144:/j15y+v8ujuBN7yEY1X0grNAK91H09lMq54fzKzsRdoDU2AUzedwzFpmQUUJ2zn5:/j15D8bNGEYGwio09NSuYPv2Jzj3BJ2l
Malware Config
Extracted
fickerstealer
linkappd.link:8080
Targets
-
-
Target
58433f617218ea615f48b5670b6ac8cbbe579e6c71cbb9a4a127f02d8ccb52e6.exe
-
Size
445KB
-
MD5
4ba007b10190fdae6ab529ead92ac85e
-
SHA1
12a3b473e99b258dbf3692467d960ab3b421c71c
-
SHA256
58433f617218ea615f48b5670b6ac8cbbe579e6c71cbb9a4a127f02d8ccb52e6
-
SHA512
9b9abcfc8ec3b8a13bd33c5f3fccd44290dd8ab319e23e36ae5a9ce6c98fed50c0b8fbabdcd2ebaf1ad2dfff822eb0be6d44a0b5de2ac332bcb6faa55ac613ee
-
SSDEEP
6144:7h43lPnBElcXJaq5sWMZVuV1DqUPb49Zva5AFTcK4yJB1S949g7ITsqeewVf6XOO:7OB8cXxuWPqR9ZvwAFTB4yJTt9g7RWl
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-