General

  • Target

    9083992637e90e412e6f4e77331eb69ee8db821c54bbc38533e0f889cc4ca9dd.zip

  • Size

    298KB

  • Sample

    221114-lqm2vsbf51

  • MD5

    fe7a33a9e7f43ad7b080eb55b3a6f9a2

  • SHA1

    3c154ba47772012510528851b1c93e3b1842c40c

  • SHA256

    3b1660f9d496e793dab524cd823e95a32cfe735938e2224718ede68c65020aa4

  • SHA512

    770cb91662490cc5b59f18300bf2a005eee62529aa5515dff796a6e657b6d952bf090918457c24e7fef74ef9294457b82bacb87c65f6e83869280efebfea5019

  • SSDEEP

    6144:sqW9ivZW7/lOGq8jRUXAB1yTBPkLDzyFYHwkg2vWaRDn6PX/P:49iB49rq8V5aN2HVvrRjsvP

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    80.87.192.115:80

Targets

    • Target

      9083992637e90e412e6f4e77331eb69ee8db821c54bbc38533e0f889cc4ca9dd.exe

    • Size

      536KB

    • MD5

      0fd7de5367376231a788872005d7ed4f

    • SHA1

      658e4d5efb8b14661967be2183cc60e3e561b2b6

    • SHA256

      9083992637e90e412e6f4e77331eb69ee8db821c54bbc38533e0f889cc4ca9dd

    • SHA512

      522d5be2803fbce0d12c325cc2ef1e3a92cec03aeba7d1164530093ad58caecd827dd557ca3c182a66c6667150e731de37bb552d19425f96cc78fe3423e1a863

    • SSDEEP

      12288:eKmlz464jAfhe5pUC1jAXBoFACBfz6JMW0rwrsu:oz4d/5iCj0BoNBb6Jh3

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks