General
-
Target
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5
-
Size
450KB
-
Sample
221115-rwqmtsab5v
-
MD5
1f2d5f5d0d9e2b1f1c2578fa486b5d9a
-
SHA1
66c1aad77ab3a225a364ea4968cde3ee036a3273
-
SHA256
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5
-
SHA512
967de776b452c9828aacfcb12f8e743fa406e68a8fe55b0e3b3ef5387a7b39c68db82503c82f9e182a61eba0ee19e255f0bc3eb22e672f70765513f275a62583
-
SSDEEP
12288:Hdl8dX+FMUc2+Z6i3/VmUxpoex4PUunUv4:HdiXWxR+Z6i3/V9N4zW4
Static task
static1
Behavioral task
behavioral1
Sample
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
fickerstealer
fickitd.link:8080
Targets
-
-
Target
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5
-
Size
450KB
-
MD5
1f2d5f5d0d9e2b1f1c2578fa486b5d9a
-
SHA1
66c1aad77ab3a225a364ea4968cde3ee036a3273
-
SHA256
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5
-
SHA512
967de776b452c9828aacfcb12f8e743fa406e68a8fe55b0e3b3ef5387a7b39c68db82503c82f9e182a61eba0ee19e255f0bc3eb22e672f70765513f275a62583
-
SSDEEP
12288:Hdl8dX+FMUc2+Z6i3/VmUxpoex4PUunUv4:HdiXWxR+Z6i3/V9N4zW4
Score10/10-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-