fickerstealer | b680fb608fc63a4bea387a85821a5c4ff6e04738bdd4ac1677c101974c9378de | Triage

Submit
Reports

Overview

overview

Static

static

b680fb608f...de.exe

windows7-x64

b680fb608f...de.exe

windows10-2004-x64

Sharing

General

Target

b680fb608fc63a4bea387a85821a5c4ff6e04738bdd4ac1677c101974c9378de
Size

372KB
Sample

230129-ylrkpsbe23
MD5

055f554efec59cc7d8c4c9d06840da93
SHA1

a7b58f43025af9475cc209c97d0bfaa6482847cf
SHA256

b680fb608fc63a4bea387a85821a5c4ff6e04738bdd4ac1677c101974c9378de
SHA512

e54e72d33ea5775c7d4b42e4a19664d1b02aa91c6537535f8afc8cf4c7b49ed8bc45a3b0abf08eca0c861fcec843db132139bbe61ca3ae5a7480bcfdff0d9864
SSDEEP

6144:UPPng7y87HCSTvnIMUyII45dS1db2wQQvOzOcAxztmafTmtZbtJGo5rnAgn:U3g287HHTwMU48u0lQvOC7xD0zJ50gn

Score

10^/10

fickerstealer infostealer

Static task

static1

Behavioral task

behavioral1

Sample

b680fb608fc63a4bea387a85821a5c4ff6e04738bdd4ac1677c101974c9378de.exe

Resource

win7-20220812-en

fickerstealer infostealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

b680fb608fc63a4bea387a85821a5c4ff6e04738bdd4ac1677c101974c9378de.exe

Resource

win10v2004-20220812-en

fickerstealer infostealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

fickerstealer

C2

deniedfight.com:80

Targets

- Target
  
  b680fb608fc63a4bea387a85821a5c4ff6e04738bdd4ac1677c101974c9378de
- Size
  
  372KB
- MD5
  
  055f554efec59cc7d8c4c9d06840da93
- SHA1
  
  a7b58f43025af9475cc209c97d0bfaa6482847cf
- SHA256
  
  b680fb608fc63a4bea387a85821a5c4ff6e04738bdd4ac1677c101974c9378de
- SHA512
  
  e54e72d33ea5775c7d4b42e4a19664d1b02aa91c6537535f8afc8cf4c7b49ed8bc45a3b0abf08eca0c861fcec843db132139bbe61ca3ae5a7480bcfdff0d9864
- SSDEEP
  
  6144:UPPng7y87HCSTvnIMUyII45dS1db2wQQvOzOcAxztmafTmtZbtJGo5rnAgn:U3g287HHTwMU48u0lQvOC7xD0zJ50gn
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer

© 2018-2024

Terms | Privacy