General
-
Target
dc0bfd7d5d6388b135c18ca902760a62eed421a60dc631256a76b7bb332d8914
-
Size
365KB
-
Sample
230129-wgygcagb24
-
MD5
81e8664284df9b206f27d6bfa2c200b0
-
SHA1
be816f5655a1806862a0739626c71f06f000f7e6
-
SHA256
dc0bfd7d5d6388b135c18ca902760a62eed421a60dc631256a76b7bb332d8914
-
SHA512
701b410ffa9aa6bf7f6f5aff058241ca4a8e55634f1f3dbf73e9df4cf33e90212e31c7ad4f0bc334ab1fea37f1152561adb84ff893491f1cd20906bed0d3809a
-
SSDEEP
6144:0rgsUf1MN2h6rgXIRhWjaK+XQe/7nonfV0apmFOwjKLzYn8lZsNeW:0rgsUf1MN2hDXHwBjonfV9m0wyzA8PW
Malware Config
Extracted
fickerstealer
deniedfight.com:80
Targets
-
-
Target
dc0bfd7d5d6388b135c18ca902760a62eed421a60dc631256a76b7bb332d8914
-
Size
365KB
-
MD5
81e8664284df9b206f27d6bfa2c200b0
-
SHA1
be816f5655a1806862a0739626c71f06f000f7e6
-
SHA256
dc0bfd7d5d6388b135c18ca902760a62eed421a60dc631256a76b7bb332d8914
-
SHA512
701b410ffa9aa6bf7f6f5aff058241ca4a8e55634f1f3dbf73e9df4cf33e90212e31c7ad4f0bc334ab1fea37f1152561adb84ff893491f1cd20906bed0d3809a
-
SSDEEP
6144:0rgsUf1MN2h6rgXIRhWjaK+XQe/7nonfV0apmFOwjKLzYn8lZsNeW:0rgsUf1MN2hDXHwBjonfV9m0wyzA8PW
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-