fickerstealer | 024930565755d2185c635d6b43624922f5fd1a6691098469c206de79548e9cf0 | Triage

Sharing

General

Target

3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5.zip
Size

344KB
Sample

221124-rf848sch6z
MD5

a56c8f042d1275639c72f1faa0f2877f
SHA1

39e32bf1a0350f1ff0b0628b24dc4751bf4b5bb6
SHA256

024930565755d2185c635d6b43624922f5fd1a6691098469c206de79548e9cf0
SHA512

37174925f941eeddafa3f45134445cab2388e8e84f45eaa62f1a3b4af62aae7717d2fd333b3f2ae48111af7a5d6caf83e98b31cbc61c375c1fc46e31b3f02b8a
SSDEEP

6144:3gwB840InvWg54KY0wXGbwiRQYiuJjhhLnW/A7nibgCN0+dAeeDaqRLFj1dd7SEb:3gKdhnt5Y0NbbiuJiA7n+dAeepR7IK

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

fickitd.link:8080

Targets

- Target
  
  3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5.exe
- Size
  
  450KB
- MD5
  
  1f2d5f5d0d9e2b1f1c2578fa486b5d9a
- SHA1
  
  66c1aad77ab3a225a364ea4968cde3ee036a3273
- SHA256
  
  3a74357c64f3db596be5ed271a97d87dfe9cc919d96d524cc86e3cba786991b5
- SHA512
  
  967de776b452c9828aacfcb12f8e743fa406e68a8fe55b0e3b3ef5387a7b39c68db82503c82f9e182a61eba0ee19e255f0bc3eb22e672f70765513f275a62583
- SSDEEP
  
  12288:Hdl8dX+FMUc2+Z6i3/VmUxpoex4PUunUv4:HdiXWxR+Z6i3/V9N4zW4
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer