Analysis

  • max time kernel
    175s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/01/2023, 19:52 UTC

General

  • Target

    3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a.exe

  • Size

    349KB

  • MD5

    59024427b1d83a475e33157c41aa8048

  • SHA1

    e69ddf03cb1a72b5b6cfd07677fff2550b506077

  • SHA256

    3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a

  • SHA512

    f14e0c6c18ff8115156467621243aaefef6253dbede47747696029b433daa0bc2ddc420d0aebf2ca7394759a710b667e2fd18c5044d57c1a5476cc38f8bef40b

  • SSDEEP

    6144:xgqFVwCVJ4MzpHA7gc3sjYhIcwkoy6eZnBiSaL5X28mQ399ydab204VRJ:ZVwsm4pg7gcsYIFeVBiSaMKer04R

Malware Config

Extracted

Family: fickerstealer

C2: deniedfight.com:80

The C2 value comes from the extracted configuration, not from observed traffic: every A lookup of deniedfight.com recorded under Network came back without an address, so the sample never reached its C2 during this run and no HTTP exchange with it was captured.

Signatures

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

    Both calls are made by the parent process (PID 4252) against a second copy of its own executable that it spawned (PID 4224, see Processes). Writing into a freshly created child of the same image and then resetting its thread context is consistent with process hollowing (RunPE): the packed outer layer writes the decoded payload into the child and redirects execution into it. Either call alone is common in legitimate software; the combination against a same-image child is the signal. The memory dumps of PID 4224 under Downloads cover that child's image range and are the artifact to inspect for the unpacked payload.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a.exe
    "C:\Users\Admin\AppData\Local\Temp\3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a.exe"
    PID: 4252 (depth 1)
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a.exe
      "C:\Users\Admin\AppData\Local\Temp\3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a.exe"
      PID: 4224 (depth 2, child of PID 4252; no signature hits of its own)
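The parent/child pair above, in which PID 4252 spawns a second copy of its own image and is also the process that calls SetThreadContext and WriteProcessMemory, is the shape a hollowing detector keys on. The following is an added example of such a heuristic in Python; it is not part of the sandbox report and not Fickerstealer code. It runs over a constructed event list modelled on the report's process tree and IoC counts; the event field names (kind, pid, ppid, image, api, target_pid) are assumptions of the example, not the schema of any real telemetry product.

```python
"""Heuristic for the self-hollowing pattern in the process tree above.

Added example, not part of the sandbox report and not Fickerstealer code.
Input is a constructed, simplified event stream modelled on what process
and API-call telemetry (EDR or Sysmon-style) would emit for this run. The
field names (kind, pid, ppid, image, api, target_pid) are assumptions of
this example, not the schema of any real product.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a.exe")

# Constructed events mirroring the report: PID 4252 spawns a second copy of
# its own image (PID 4224), writes into it 13 times and resets its thread
# context once (the IoC counts from the Signatures section). The cmd.exe
# pair is a benign self-spawn with a single cross-process write and no
# SetThreadContext; it must not be flagged.
SAMPLE_EVENTS: List[dict] = [
    {"kind": "process", "pid": 4252, "ppid": 1000, "image": SAMPLE_IMAGE},
    {"kind": "process", "pid": 4224, "ppid": 4252, "image": SAMPLE_IMAGE},
    *[{"kind": "api", "pid": 4252, "api": "WriteProcessMemory", "target_pid": 4224}
      for _ in range(13)],
    {"kind": "api", "pid": 4252, "api": "SetThreadContext", "target_pid": 4224},
    {"kind": "process", "pid": 5000, "ppid": 2000, "image": r"C:\Windows\System32\cmd.exe"},
    {"kind": "process", "pid": 5001, "ppid": 5000, "image": r"C:\Windows\System32\cmd.exe"},
    {"kind": "api", "pid": 5000, "api": "WriteProcessMemory", "target_pid": 5001},
]


@dataclass
class Finding:
    parent_pid: int
    child_pid: int
    image: str
    writes: int
    context_resets: int


def find_self_hollowing(events: List[dict]) -> List[Finding]:
    """Flag a parent that (1) spawns a child with the same image path,
    (2) writes into that child with WriteProcessMemory and (3) resets a
    thread context in it with SetThreadContext.

    Each call on its own is common in legitimate software (debuggers,
    installers, crash handlers); the combination against a same-image child
    is the hollowing / RunPE signal the sandbox signatures point at.
    """
    image_of: Dict[int, str] = {}
    parent_of: Dict[int, int] = {}
    writes: Dict[Tuple[int, int], int] = defaultdict(int)
    resets: Dict[Tuple[int, int], int] = defaultdict(int)

    for ev in events:
        if ev["kind"] == "process":
            # Windows paths are case-insensitive; normalise before comparing.
            image_of[ev["pid"]] = ev["image"].lower()
            parent_of[ev["pid"]] = ev["ppid"]
        elif ev["kind"] == "api":
            key = (ev["pid"], ev["target_pid"])
            if ev["api"] == "WriteProcessMemory":
                writes[key] += 1
            elif ev["api"] == "SetThreadContext":
                resets[key] += 1

    findings: List[Finding] = []
    for child, parent in parent_of.items():
        if parent not in image_of or image_of[child] != image_of[parent]:
            continue
        key = (parent, child)
        if writes[key] and resets[key]:
            findings.append(Finding(parent, child, image_of[child], writes[key], resets[key]))
    return findings


if __name__ == "__main__":
    for f in find_self_hollowing(SAMPLE_EVENTS):
        print(f"possible process hollowing: PID {f.parent_pid} -> PID {f.child_pid}, "
              f"{f.writes} WriteProcessMemory, {f.context_resets} SetThreadContext, {f.image}")
```

Run as a script it reports the 4252 -> 4224 pair only. The cmd.exe pair shows why both calls are required: a single cross-process write into a same-image child is not enough on its own, which keeps the rule quiet on installers and crash handlers that write into children they spawn.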

    Network

    Per-request records. All attributed requests come from the sample process, 3300566fc05d714abb32bad90f37290e232cafc50709b7fb4c828c911d6e1b9a.exe; entries without a process are not attributed to the sample by the sandbox. Every DNS query went to the resolver 8.8.8.8:53.

    • DNS api.ipify.org (sample process)
      Request: api.ipify.org IN A
      Response:
        api.ipify.org IN CNAME api4.ipify.org
        api4.ipify.org IN A 64.185.227.155
        api4.ipify.org IN A 173.231.16.76
        api4.ipify.org IN A 104.237.62.211
    • HTTP GET http://api.ipify.org/?format=xml (sample process; remote address 64.185.227.155:80)
      Request:
        GET /?format=xml HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
        Host: api.ipify.org
        Connection: Keep-Alive
      Response:
        HTTP/1.1 200 OK
        Access-Control-Allow-Credentials: true
        Access-Control-Allow-Origin: *
        Content-Length: 12
        Content-Type: text/plain
        Date: Sun, 29 Jan 2023 19:53:39 GMT
        Vary: Origin
      Two details worth keying on: the User-Agent is a fixed string claiming IE 7 on Windows NT 6.2 (Windows 8) although the sample ran on Windows 10 2004, and the server answered with 12 bytes of text/plain rather than XML despite the format=xml parameter (the body is not shown in the report).
    • DNS deniedfight.com (sample process)
      Request: deniedfight.com IN A
      Response: no A record returned
      This lookup is recorded 31 times in the capture, 4 times before the PTR query below and 27 times after it. 26 of the 31 received a response carrying no address; for the remaining 5 (the batched entry in the connection summary below) no response at all is recorded. The sample keeps retrying its C2 domain and never obtains an address.
    • DNS 176.122.125.40.in-addr.arpa (no process attributed)
      Request: 176.122.125.40.in-addr.arpa IN PTR
      Response: no PTR record returned
    Connection summary (remote endpoint; host or URL; protocol; process; bytes sent / received; packets sent / received). Entries showing only a sent figure received nothing back. Identical consecutive entries are collapsed with their count.

    • 93.184.220.29:80; no process attributed; 322 B sent in 7 packets, nothing received
    • 8.238.20.126:80; no process attributed; 322 B sent in 7 packets, nothing received (three identical entries)
    • 64.185.227.155:80; http://api.ipify.org/?format=xml; http; sample process; 559 B / 404 B; 6 / 5
      HTTP Request: GET http://api.ipify.org/?format=xml
      HTTP Response: 200
    • 13.69.109.131:443; no process attributed; 322 B sent in 7 packets, nothing received
    • 8.238.20.126:80; no process attributed; 322 B sent in 7 packets, nothing received (three identical entries)
    • 104.80.225.205:443; no process attributed; 322 B sent in 7 packets, nothing received
    • 8.8.8.8:53; api.ipify.org; dns; sample process; 59 B / 126 B; 1 / 1
      DNS Request: api.ipify.org
      DNS Response: 64.185.227.155, 173.231.16.76, 104.237.62.211
    • 8.8.8.8:53; deniedfight.com; dns; sample process; 61 B / 134 B; 1 / 1 (four identical entries, one per lookup that was answered without an address)
      DNS Request: deniedfight.com
    • 8.8.8.8:53; 176.122.125.40.in-addr.arpa; dns; no process attributed; 73 B / 159 B; 1 / 1
      DNS Request: 176.122.125.40.in-addr.arpa
    • 8.8.8.8:53; deniedfight.com; dns; sample process; 61 B / 134 B; 1 / 1 (two identical entries)
      DNS Request: deniedfight.com
    • 8.8.8.8:53; deniedfight.com; dns; sample process; 305 B sent in 5 packets, nothing received
      DNS Request: deniedfight.com, sent five times with no reply
    • 8.8.8.8:53; deniedfight.com; dns; sample process; 61 B / 134 B; 1 / 1 (twenty identical entries)
      DNS Request: deniedfight.com
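A detection pass over the network activity above, as an added Python example that is not part of the report. It looks for three things the capture shows: an HTTP request to an external-IP lookup service, the sample's fixed User-Agent (which claims IE 7 on Windows NT 6.2 although the process ran on Windows 10), and repeated A lookups of the configured C2 domain that never receive an address. The log-line format and the sample lines are constructed for this example; the unresolved-lookup rule is written generally so it fires on any name a process keeps querying without success, not only on deniedfight.com.

```python
"""Detection pass over DNS and HTTP records for the IoCs in this report.

Added example, not part of the sandbox report. It reads constructed,
simplified log lines modelled on the Network section above; the line format
is an assumption of this example, not the output of any particular sensor:

    dns  <ts> <pid> <qname> <qtype> <comma-separated answers, or - for none>
    http <ts> <pid> <host> <method> <uri> <user-agent ...>
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterator, List

C2_HOSTS = {"deniedfight.com"}                         # from the extracted config
IP_LOOKUP_HOSTS = {"api.ipify.org", "api4.ipify.org"}  # services used to learn the public IP
# The sample's fixed User-Agent claims IE 7 on Windows NT 6.2 (Windows 8) even
# though it ran on Windows 10 2004; a fixed, mismatched UA is a usable proxy IoC.
SUSPECT_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; "
              ".NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)")
UNANSWERED_THRESHOLD = 5   # same name, same process, this many lookups with no address

# Constructed log: the ipify lookup and request, the 31 address-less lookups of
# the C2 domain seen in the capture, and an unrelated process that must stay clean.
SAMPLE_LOG = "\n".join(
    ["dns 1 4252 api.ipify.org A 64.185.227.155,173.231.16.76,104.237.62.211",
     "http 2 4252 api.ipify.org GET /?format=xml " + SUSPECT_UA]
    + [f"dns {3 + i} 4252 deniedfight.com A -" for i in range(31)]
    + ["dns 40 1234 www.example.com A 93.184.216.34",
       "http 41 1234 www.example.com GET / Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/109.0"]
)


@dataclass(frozen=True)
class Finding:
    kind: str
    pid: int
    detail: str


def parse(log: str) -> Iterator[Dict]:
    """Turn log lines into dicts; blank lines and unknown kinds are skipped."""
    for line in log.splitlines():
        fields = line.split(maxsplit=6)   # at most 7 fields, so the UA stays whole
        if not fields:
            continue
        if fields[0] == "dns" and len(fields) == 6:
            _, ts, pid, qname, qtype, answers = fields
            yield {"kind": "dns", "ts": int(ts), "pid": int(pid), "qname": qname.lower(),
                   "qtype": qtype.upper(), "answers": [] if answers == "-" else answers.split(",")}
        elif fields[0] == "http" and len(fields) == 7:
            _, ts, pid, host, method, uri, ua = fields
            yield {"kind": "http", "ts": int(ts), "pid": int(pid), "host": host.lower(),
                   "method": method, "uri": uri, "ua": ua}


def analyse(log: str) -> List[Finding]:
    findings: List[Finding] = []
    seen = set()
    unanswered: Counter = Counter()

    def add(kind: str, pid: int, detail: str) -> None:
        f = Finding(kind, pid, detail)
        if f not in seen:          # one finding per (kind, pid, detail), however often it recurs
            seen.add(f)
            findings.append(f)

    for rec in parse(log):
        if rec["kind"] == "dns":
            if rec["qname"] in C2_HOSTS:
                add("c2_domain_lookup", rec["pid"], rec["qname"])
            if rec["qtype"] == "A" and not rec["answers"]:
                unanswered[(rec["pid"], rec["qname"])] += 1
        else:
            if rec["host"] in IP_LOOKUP_HOSTS:
                add("external_ip_lookup", rec["pid"], rec["host"] + rec["uri"])
            if rec["ua"] == SUSPECT_UA:
                add("hardcoded_user_agent", rec["pid"], rec["host"])

    # A process hammering one name that never resolves is the retry loop of a
    # C2 whose domain is unregistered, taken down or blocked by the resolver.
    # This rule needs no prior knowledge of the name, unlike C2_HOSTS above.
    for (pid, qname), n in unanswered.items():
        if n >= UNANSWERED_THRESHOLD:
            add("unresolved_lookup_loop", pid, f"{qname} x{n}")
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.kind:24} pid={f.pid} {f.detail}")
```

On the constructed log this yields four findings, all against PID 4252, and nothing for the unrelated process. The unresolved-lookup rule is the one to keep after the indicators go stale: the domain and the User-Agent string are specific to this sample, but a process retrying one name dozens of times without ever getting an address is the behaviour that survives a change of infrastructure.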

    Downloads (memory dumps)

    • memory/4224-133-0x0000000000400000-0x0000000000449000-memory.dmp, 292KB
    • memory/4224-137-0x0000000000400000-0x0000000000449000-memory.dmp, 292KB
    • memory/4224-138-0x0000000000400000-0x0000000000449000-memory.dmp, 292KB
    • memory/4224-139-0x0000000000400000-0x0000000000449000-memory.dmp, 292KB
    • memory/4252-135-0x0000000000AE2000-0x0000000000B09000-memory.dmp, 156KB
    • memory/4252-136-0x0000000000980000-0x00000000009C5000-memory.dmp, 276KB

    The four dumps of PID 4224 are successive snapshots of the same 0x00400000-0x00449000 range, the image region of the child that the parent wrote into with WriteProcessMemory (see Signatures). That is where the unpacked payload is expected to live, so these are the dumps to load into a disassembler or a config extractor. The two PID 4252 dumps are regions of the parent's own address space.
