Overview

overview

10

Static

static

3e455eb86a...22.exe

windows7-x64

10

3e455eb86a...22.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e455eb86a62a185bb0c5446df337d6823c71b743f7ee16d3e2ee643c476d822.zip

  • Size

    357KB

  • Sample

    221124-rf848sch61

  • MD5

    8857ec39e358c8e97b43736c1cb94a77

  • SHA1

    71fd6cddafc95beb041c9d5da7fbd0777db07cca

  • SHA256

    b5bebf79208c5b35e5cc91ce923f63bebaea0849930b069c9d6444cf0cec723d

  • SHA512

    a8f1fd629de590d06c8cd4e68fb7e5250270ed5023e41a413dd0e3c5e94d033f4467bc11f6f804ca85914ed241875e47b0ef2cdc8419986a13dcfbe1fa31c188

  • SSDEEP

    6144:T4DbjARvJQ0m9Ohw8fP2egkApPRikzLs9vwAwraM6k6jEEeKa/g32:T4H8Rv+0mQq8f+LkAJEkzLgMnk1La/x

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

alogsme.link:8080

Targets

    • Target

      3e455eb86a62a185bb0c5446df337d6823c71b743f7ee16d3e2ee643c476d822.exe

    • Size

      470KB

    • MD5

      17098ec6304ab82894d4921a319e26f4

    • SHA1

      f46f62d4e0d066fae37e24b7afb24fbeab704205

    • SHA256

      3e455eb86a62a185bb0c5446df337d6823c71b743f7ee16d3e2ee643c476d822

    • SHA512

      34bb005574a357e4d1e91b6dcec22f9c98d7b3c4a47e463a47d2708e8a43ee996c8f71de74bacb337b27ba1e18f5fd94927cef3317381adefba8e6e50ee9a1f9

    • SSDEEP

      12288:Fn1jdB0YqAxghPO6X0NYOZvpiUDr+dIFTy9gT6Y:Fn1jIYDIPjkGOmUDr+KFTy9gT6Y

    Score
    10/10
    fickerstealerinfostealer

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks