General
- Target: cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d.zip
- Size: 10.1MB
- Sample: 221114-lqqgzsbf6y
- MD5: a5a6e80dcb7a51c02a16a02d695c1ffe
- SHA1: 57d7cc76940b0c249db60c90570874676beee4f4
- SHA256: fad9151bdf6b42b534a4eca9c0fa331970fc0596e1ffd4fcba245b2a1cfc936b
- SHA512: 2fac7b091feca1bb13b3a8b2df0be51d67ebcce9682ffafce809415b951e7c2a60de322c1a33a5f6c6d9c5e1f1f02f0eb15889d1cc3dd4ff13c54d90fcf6b520
- SSDEEP: 196608:RZF79UcVBfPVPPLGEKffa06KgH0PduzXtFL84bGfuE7e8AMla4vhjS:F7icDDGRC0lgW2Xtt84ifuEq8PbjS
Static task: static1
Behavioral task: behavioral1
- Sample: cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
fickerstealer
prunerflowershop.com:80
Targets
- Target: cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d.exe
- Size: 10.7MB
- MD5: 60bce89d8df5caa28d3d73ee4c94313a
- SHA1: 878e237aeb528a1e4c6c3fe53cb4ffd1c420231e
- SHA256: cf88923b7d0287884870af999a8d64f90c7deeb4c4d09feed406472ff259b30d
- SHA512: 963629759df10731e7b49a113fd4eb462286d26d4b394bab89bea35f4515cc907d803b01313764b973ebd4876a40e2fff820ad6b10f7a142e74a31a836010665
- SSDEEP: 196608:yxthehwzf4soekmmf7zADj75xtw0QkyPAm2VxdG1P5K5S2njugWR:meCBoeq7adK7JonCxC7juR
Score: 10/10
- Babadeda Crypter
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.