fickerstealer | a0c667e473bbcf4b67f08f784f0e842b56cac912670577798e82f59b76a4a3a1 | Triage

Submit
Reports

Overview

overview

Static

static

a15799366e...5f.exe

windows7-x64

a15799366e...5f.exe

windows10-2004-x64

Sharing

General

Target

a15799366ecdc252e16e8ed459da675f.exe
Size

404KB
Sample

221219-qsgp3sfb32
MD5

a15799366ecdc252e16e8ed459da675f
SHA1

b7d81a6d4d7c01b3b7ab282c0a0ea17d33ce080b
SHA256

a0c667e473bbcf4b67f08f784f0e842b56cac912670577798e82f59b76a4a3a1
SHA512

d8460105c47aa5a3402ede20bf0722906c279077fd737d9c1351d1572acfa23ca0be60023535ccf294b0e14b33217bec4be74a6ec3404625ff14fda36e702521
SSDEEP

12288:EkiqcnjTelNaEvMmb8WrTGNiot+QQMpEF:I2lQhXWTuiWhQ3F

Score

10^/10

fickerstealer discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

a15799366ecdc252e16e8ed459da675f.exe

Resource

win7-20220812-en

fickerstealer discovery infostealer spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

a15799366ecdc252e16e8ed459da675f.exe

Resource

win10v2004-20220812-en

fickerstealer discovery infostealer spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

fickerstealer

C2

dfthdsb.link:8080

Targets

- Target
  
  a15799366ecdc252e16e8ed459da675f.exe
- Size
  
  404KB
- MD5
  
  a15799366ecdc252e16e8ed459da675f
- SHA1
  
  b7d81a6d4d7c01b3b7ab282c0a0ea17d33ce080b
- SHA256
  
  a0c667e473bbcf4b67f08f784f0e842b56cac912670577798e82f59b76a4a3a1
- SHA512
  
  d8460105c47aa5a3402ede20bf0722906c279077fd737d9c1351d1572acfa23ca0be60023535ccf294b0e14b33217bec4be74a6ec3404625ff14fda36e702521
- SSDEEP
  
  12288:EkiqcnjTelNaEvMmb8WrTGNiot+QQMpEF:I2lQhXWTuiWhQ3F
Score

10^/10

fickerstealer discovery infostealer spyware stealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fickerstealerdiscoveryinfostealerspywarestealer

behavioral2

fickerstealerdiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy