General
Target
642c7333927b2581ffc854f55793677a203788fb55a53e8916ae58d4cd0828f5.zip
Size
5.2MB
Sample
221114-lqkazage47
MD5
b735411f9d04a6bbe408cee9a483ff2d
SHA1
285037e69329aef5167a33683c826f93aa2c07c1
SHA256
2c7b9551db37471000c475793cd8cd5521f0f27aa84eca5028c3fed7134e3ce3
SHA512
0dc259856a8f2c76e9720827867c9e2284173d9ddcf26957f901f3926b4fe9464b8bac0e2a0e4882b8c837daf51380b2c36665c8f54d8cc7777e5bf68e24170c
SSDEEP
98304:bQseXtxcEeWF4y2KHUZ5QyzD8CUB4ymhXyko8MRAV2U2XwWiGyDvOBg4P:cT7949oUZ1nbR1yl5TXwWU0g4P
Static task
static1
Behavioral task
behavioral1
Sample
642c7333927b2581ffc854f55793677a203788fb55a53e8916ae58d4cd0828f5.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
642c7333927b2581ffc854f55793677a203788fb55a53e8916ae58d4cd0828f5.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
fickerstealer
185.163.45.132:80
Targets
Target
642c7333927b2581ffc854f55793677a203788fb55a53e8916ae58d4cd0828f5.exe
Size
5.7MB
MD5
ddd5bb53200e40fc5b34fd7e6448e815
SHA1
0e55418801977101a01d86661b91708dcbeb77a3
SHA256
642c7333927b2581ffc854f55793677a203788fb55a53e8916ae58d4cd0828f5
SHA512
69251a229641307125d41cb15533384b2bea21713d4b78312bba0a9fdcf772fd238ba78f8f99a4f8a4aa031e0177a6319d740213d6176b2f829ca0bd865da823
SSDEEP
98304:8SioTgQu/5J0Mx7VoRqoR6QC75qAujjDPAj+fq4v3snPcMp:s/v0OVoRhR6Z74A0jrAj+yYAcK
Score 10/10
Babadeda Crypter
Executes dropped EXE
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.