General

  • Target

    3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5

  • Size

    450KB

  • Sample

    221115-rwqmtsab5v

  • MD5

    1f2d5f5d0d9e2b1f1c2578fa486b5d9a

  • SHA1

    66c1aad77ab3a225a364ea4968cde3ee036a3273

  • SHA256

    3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5

  • SHA512

    967de776b452c9828aacfcb12f8e743fa406e68a8fe55b0e3b3ef5387a7b39c68db82503c82f9e182a61eba0ee19e255f0bc3eb22e672f70765513f275a62583

  • SSDEEP

    12288:Hdl8dX+FMUc2+Z6i3/VmUxpoex4PUunUv4:HdiXWxR+Z6i3/V9N4zW4

Malware Config

Extracted

Family

fickerstealer

C2

fickitd.link:8080

Targets

    • Target

      3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5

    • Size

      450KB

    • MD5

      1f2d5f5d0d9e2b1f1c2578fa486b5d9a

    • SHA1

      66c1aad77ab3a225a364ea4968cde3ee036a3273

    • SHA256

      3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5

    • SHA512

      967de776b452c9828aacfcb12f8e743fa406e68a8fe55b0e3b3ef5387a7b39c68db82503c82f9e182a61eba0ee19e255f0bc3eb22e672f70765513f275a62583

    • SSDEEP

      12288:Hdl8dX+FMUc2+Z6i3/VmUxpoex4PUunUv4:HdiXWxR+Z6i3/V9N4zW4

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks