fickerstealer | 3da3bf2fbe970bf163f64a9db60a9b1f6cec2859037efbf6651a09e43fc30216 | Triage

Sharing

General

Target

509a12684cbe4807cff583c20831617ed823605226c022391e66e50be0227d8d.zip
Size

284KB
Sample

221114-lqjz7sge45
MD5

7ee8ae56c624a81e2333265de5dae976
SHA1

1ec389a3387aa427a06b10ce81e57b9f946b2ac8
SHA256

3da3bf2fbe970bf163f64a9db60a9b1f6cec2859037efbf6651a09e43fc30216
SHA512

6c8a45313e12d9b45f1517d8c1e969e698d7251b069836dd3f5dd1bc992f2fc0d58256e0b16851b34a76f60857b487ee325c69f0709c79b9058dc966406eaa67
SSDEEP

6144:OEQoOdo0WL7cCbZuUaRJ43RBi2kRqEIu34ixj7GBDkJlXL:OEQ1o0WvFEe3iqEIM4ix2BDkJNL

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

asfasfvcxvdbs.com:80

Targets

- Target
  
  509a12684cbe4807cff583c20831617ed823605226c022391e66e50be0227d8d.exe
- Size
  
  469KB
- MD5
  
  a805ad0e74f9740a16855d75ce422b5b
- SHA1
  
  b0aad0de40153ebb88ed374165baad591d75df18
- SHA256
  
  509a12684cbe4807cff583c20831617ed823605226c022391e66e50be0227d8d
- SHA512
  
  eb5fedd7adb375a637a9dda5ab57db95d3bc8ad1035d96fa3f05bc4211c815447e8b222711bd746c7266cddcb1da7bcb0fe569fc22eb2082c1bc4001ea91a2ab
- SSDEEP
  
  6144:nrq0EiwG+9zt0449RZqy6wOZg0AALv21XaW0rLFb56dpLN4XQKJ3:nwiIu99PqtZXAYIXaW0rN3
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer