fickerstealer | f6eb0779ed543037991f587d1616015a2869cd9a09b08bde3bf966a223587078 | Triage

Sharing

General

Target

456e86c827d3b4018aa9d78ad50ef6a301d512c92fc3e1dc8a6c9fa1ea6cfbfd.zip
Size

225KB
Sample

221114-lqn9xsbf6x
MD5

70efbb97b966502f1a66947349d991fb
SHA1

2160210eac7b68787d8d980a4a8125d9a8090353
SHA256

f6eb0779ed543037991f587d1616015a2869cd9a09b08bde3bf966a223587078
SHA512

b5759389757a0ee3a814ac314d3cae5b7b157b9de701cb155492e7843d21c538c018035ffa366584f234f27e46cfd24b021b788843be5afb25b62ec0ddb4b950
SSDEEP

6144:NJHXAiXZ1U7kLNU9zwgG/3c68df8WbtS4:Yip1U7kLlx/3t8dfjbQ4

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

45.67.231.4:80

Targets

- Target
  
  456e86c827d3b4018aa9d78ad50ef6a301d512c92fc3e1dc8a6c9fa1ea6cfbfd.exe
- Size
  
  283KB
- MD5
  
  0481991867b39d87cb166b1895247b60
- SHA1
  
  202c7652a1783c0cd825eb8737d2211ada61d1da
- SHA256
  
  456e86c827d3b4018aa9d78ad50ef6a301d512c92fc3e1dc8a6c9fa1ea6cfbfd
- SHA512
  
  1dba8f332de9e82fc94d913ef2a50e5a9fccd542ec02e34f5226414d0f194d91f7e64475bd88ac2c9534bc523b653fd2a30c217cbc545a1c2c36ffe8d22f506e
- SSDEEP
  
  6144:I9cFVaLvOvuMtY6rJWV0QTr7uFvq/PYzsrnynEvB5tM:7FVaCvft/QajT2+
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer