Overview

overview

10

Static

static

6df186c3d5...db.exe

windows7-x64

10

6df186c3d5...db.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6df186c3d5c563f492abed3e125ba4603f726bd1d257d4343f59d1584c0736db.zip

  • Size

    340KB

  • Sample

    221114-lqjpfage43

  • MD5

    e6944ed90c062ed09b7a810c536d4963

  • SHA1

    1e432e23056da480ad9e4b007797fe3f83fc4acd

  • SHA256

    64c80f94b8509736409202e23f050c87a0ecf15e8140a4505e8ce3fe5efdbbac

  • SHA512

    1fb4ba6764ac4cf0b960ff665f29fb985e39c92aebc9f1f0c1150d48a60cd3f1b0c766e01fd20925045294e77a9451e7954febabff2ce3642b50a56890074cf1

  • SSDEEP

    6144:IuOgdkyvqZNTLfR7lgXvOQGUbqheoiDFWJC/7IPKMEFQAnK3PkCkP3b6jWLcC:In+kyvYLfR7lgfmUbrEJNPx4Q9s3Pej6

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

fickitc.link:8080

Targets

    • Target

      6df186c3d5c563f492abed3e125ba4603f726bd1d257d4343f59d1584c0736db.exe

    • Size

      508KB

    • MD5

      88367344c224ae3ed9030cfcb389184a

    • SHA1

      a9b8a7f5ce5059e1423b5399199d3f7398956329

    • SHA256

      6df186c3d5c563f492abed3e125ba4603f726bd1d257d4343f59d1584c0736db

    • SHA512

      a41cfa28fe323d3e69cf94145e97a41df59bff253acd7e377602d0cdfcf93416b8df0cc7c18c8514be8fd9999092124d132ac374e43110afc3d6a55d362e2f38

    • SSDEEP

      6144:g/1z+5QuL0f5QjKeVgv+v8mZFU2WKXFetnnOX7DKjimqcZfRPJXwOu1qlb:g/l8Qf5ct8A9WkFAnOXSqSJUqlb

    Score
    10/10
    fickerstealerinfostealer

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks