General

  • Target: ae8f1cd095afa12559ecca86166d8a7a.exe
  • Size: 396KB
  • Sample: 230107-19m9asac6z
  • MD5: ae8f1cd095afa12559ecca86166d8a7a
  • SHA1: 3b1be222db87f7a04d40e7062467e52a9cda9757
  • SHA256: fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9
  • SHA512: 3a6e05f451e16cfdf8b564372377251bba95e4e6e423179d2dbd3fe6c0bd584dbde45e24c06b214f0317c9f7894ecdcc5c903c8e867784b03fcd028b8349c61a
  • SSDEEP: 6144:ANL1bEzN+yhi6zKDAEdgNYYFRMNZAJHdRRqVhZilkbrNmYQASsui9yD6b6W:ANxAzNzlODAqgzKj2bAVqMrNR/86bv

Malware Config

Extracted

  • Family: fickerstealer
  • C2: clogsme.link:8080

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks