General
-
Target
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5.zip
-
Size
344KB
-
Sample
221121-m2pkhabc4v
-
MD5
b784f1993deeb28346ba0be2bf1077e6
-
SHA1
719fcd840db0e933ccdc60412e0f2664b325d342
-
SHA256
03d53cdc123167c0380bc28388fba6016e4a1a36287949976dfb99f2d1bddec2
-
SHA512
e6fef04f3f1262872e89249727251051ce5844ca1e17cf7e0177bc51c67ae379ad44e6c3ed478941f2c1ef4389e6c6293c20d9e119550f820cd7b3475c755ca8
-
SSDEEP
6144:46jdPqVL4G6SCqM8ntF57yboi7xA+1DVEbkJzgg2dzs1Gd8cqDYHFIFAIK:46jdIX1yEiV1qbkSg2dEGCkH6tK
Malware Config
Extracted
fickerstealer
fickitd.link:8080
Targets
-
-
Target
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5.exe
-
Size
450KB
-
MD5
1f2d5f5d0d9e2b1f1c2578fa486b5d9a
-
SHA1
66c1aad77ab3a225a364ea4968cde3ee036a3273
-
SHA256
3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5
-
SHA512
967de776b452c9828aacfcb12f8e743fa406e68a8fe55b0e3b3ef5387a7b39c68db82503c82f9e182a61eba0ee19e255f0bc3eb22e672f70765513f275a62583
-
SSDEEP
12288:Hdl8dX+FMUc2+Z6i3/VmUxpoex4PUunUv4:HdiXWxR+Z6i3/V9N4zW4
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-