General
-
Target
fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9.zip
-
Size
314KB
-
Sample
230107-2x541sad3t
-
MD5
604324d96908bf5097f86398a5f52463
-
SHA1
e8b1635a5a1bcae88c68e9a54bac134984b77954
-
SHA256
b37b7eab3c89bc021eee43a6b7ae5cfc20078fe5941acffb266caff7668e87d5
-
SHA512
4fe3c2dfcf424839f56856c23c44b2e9f38846c008cf28b6ab6768a3b9fdc5eb2331835c83090edfe1c1e842a7b2f22a5ee5d6bff456610a37f3c5b97a3bfddf
-
SSDEEP
6144:CqK6DyA1IrMJoqOiYbeVDY9169IsNiNX32uF7FulqzFPGaAaLMdtBNIln:Ct6DZIQeeaa9Ent7FuYzFjA5en
Static task
static1
Behavioral task
behavioral1
Sample
fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
fickerstealer
clogsme.link:8080
Targets
-
-
Target
fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9.exe
-
Size
396KB
-
MD5
ae8f1cd095afa12559ecca86166d8a7a
-
SHA1
3b1be222db87f7a04d40e7062467e52a9cda9757
-
SHA256
fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9
-
SHA512
3a6e05f451e16cfdf8b564372377251bba95e4e6e423179d2dbd3fe6c0bd584dbde45e24c06b214f0317c9f7894ecdcc5c903c8e867784b03fcd028b8349c61a
-
SSDEEP
6144:ANL1bEzN+yhi6zKDAEdgNYYFRMNZAJHdRRqVhZilkbrNmYQASsui9yD6b6W:ANxAzNzlODAqgzKj2bAVqMrNR/86bv
Score10/10-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-