Overview

overview

10

Static

static

1787460d57...90.exe

windows7-x64

10

1787460d57...90.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1787460d5784f717397a6e3bda4e8b835e855e53a384eb6e50d12311b8788b90.zip

  • Size

    290KB

  • Sample

    221114-lqncmage58

  • MD5

    33327386c5c9caa3c865d12371edc53f

  • SHA1

    ad1f5daddbf9abf2eefd4a01df47f385e1d888f2

  • SHA256

    42d19d0c908125ebeba9cbb5a0acae7d61cc5b5efd58f548a2748644ee49a1d6

  • SHA512

    8a6d0a2eaf44f352323b0c616fd644da3d3a3df43d4b2f6adf25dc314b03602af89d38c5df75aac103c2ae4b645f523debef5d0301c6f66bd5d50d2cad33cd16

  • SSDEEP

    6144:TQvwb60ZF/ddpksbtZv+WhsENIVHtIwHCxkT8tKYkxOJ2km:sob1F/DpkUZv+WhsENIVNIwHCx1Z2t

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

mistral3.xyz:80

Targets

    • Target

      1787460d5784f717397a6e3bda4e8b835e855e53a384eb6e50d12311b8788b90.exe

    • Size

      510KB

    • MD5

      344d0fae77046d608a50b4f07f7e2767

    • SHA1

      b600dab2678c4a487c6009e0f3bf8a6bf00efa71

    • SHA256

      1787460d5784f717397a6e3bda4e8b835e855e53a384eb6e50d12311b8788b90

    • SHA512

      fd4ee7a2fb76123dc51c5089a624bbc4ca417a02e2c429850f5d05ad3d244b69e2ff41a6284eadb4dcf229bd96e3730f212b064368c4a0629ed74f6995622e34

    • SSDEEP

      12288:ZSAdQClH18X/kq+Cw6rWdk9n/Bls9EdhWX1EW0rF3:ZPrH1OE+WO9/Bls9oIy3

    Score
    10/10
    fickerstealerinfostealer

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks