General
-
Target
9bd83ae2fe3883417d90c0565f8a740d841f5d8886665131b9f4f863d463e4c0
-
Size
346KB
-
Sample
230129-wlbs5shf5x
-
MD5
c2adbad2baef729e8ee1643524248bec
-
SHA1
78bfff37fb9b82bbbd2c95194ceff07785722b7a
-
SHA256
9bd83ae2fe3883417d90c0565f8a740d841f5d8886665131b9f4f863d463e4c0
-
SHA512
3be93bf2237f1fc7a96354e3df4a18ff45861fd0dfee6aa5dacfe9a6d3382fd11780cd023f6907b161c12d728cfab4a94d6932a5745952a6f8e3cd6c2114879d
-
SSDEEP
6144:whg0hjEuy6CevkLU/x2QKNq9dW734b6v3g7ykZMW7iWqZFiWytop1R5:yhguy6hvk4xzKNq9o7366fg7AWeRZFK8
Malware Config
Extracted
fickerstealer
74.119.195.40:80
Targets
-
-
Target
9bd83ae2fe3883417d90c0565f8a740d841f5d8886665131b9f4f863d463e4c0
-
Size
346KB
-
MD5
c2adbad2baef729e8ee1643524248bec
-
SHA1
78bfff37fb9b82bbbd2c95194ceff07785722b7a
-
SHA256
9bd83ae2fe3883417d90c0565f8a740d841f5d8886665131b9f4f863d463e4c0
-
SHA512
3be93bf2237f1fc7a96354e3df4a18ff45861fd0dfee6aa5dacfe9a6d3382fd11780cd023f6907b161c12d728cfab4a94d6932a5745952a6f8e3cd6c2114879d
-
SSDEEP
6144:whg0hjEuy6CevkLU/x2QKNq9dW734b6v3g7ykZMW7iWqZFiWytop1R5:yhguy6hvk4xzKNq9o7366fg7AWeRZFK8
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-