fickerstealer | 69146cb1a512e6a4063042d7ec5e9e1857f33fc6ac02a7bcefcd289fc79ffe93

Analysis

max time kernel
136s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2022 09:44

Target

3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.exe
Size

5.3MB
MD5

ea7ea286b1c34c7784b510831b3683fb
SHA1

f3fe585bc5a2650a6fb4df6833d2aeb80d3e5045
SHA256

3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83
SHA512

c96c7162fd6ada50de7de75b336ff3c9eba181a8e4d955b06e86c6fb8a80d03f4ada53fab5e423c6d308fcfc41bf445e7b2d79bf13be2eed2c352e4851acdec7
SSDEEP

98304:Ou7sHDUFyq6ltzmzwqGOceVIODtHdkIt9KmmMAi6zDySg9lU4Pv0w:V+D4yq6ltSwqGZQ9rdrIDySgY4P8w

Score

10^/10

Family

fickerstealer

65.108.27.133:80

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4832	3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.exe
4832	3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.exe

C:\Users\Admin\AppData\Local\Temp\3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.exe
"C:\Users\Admin\AppData\Local\Temp\3fd9ff9577965ca491e54eee026c061e4f2f54f275b8592095b20a71c0302c83.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4832

memory/4832-132-0x0000000000400000-0x0000000000C54000-memory.dmp

Filesize
8.3MB

Download
memory/4832-135-0x0000000000400000-0x0000000000C54000-memory.dmp

Filesize
8.3MB

Download