General

  • Target

    18da34f7af863cd6fe9926167b5f52c173f072d2ef4c78d05388ea7725e5c04e

  • Size

    363KB

  • Sample

    230129-yltp3abe24

  • MD5

    16ac1252a52f1c85d4f47f221e639e54

  • SHA1

    8462aa4bcb3325a0a335bdd5e9d1ba39176a954a

  • SHA256

    18da34f7af863cd6fe9926167b5f52c173f072d2ef4c78d05388ea7725e5c04e

  • SHA512

    9960b34863feea6e20892e9f69ed8e313796c271f36478599dc5ff2e1482363f53c0b554db52538fed448f9f615032c2f3cf29e42e7d2bf18b91821ed527f682

  • SSDEEP

    6144:hcMfJoczoqdwqyL31dwVZ9ZHhom1qdRiJBL9zZc05cGN27Ne1c5w:hcMhNz9dwqyLlgZ9Fhom1qiJBLP/5cGN

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    deniedfight.com:80

Targets

    • Target

      18da34f7af863cd6fe9926167b5f52c173f072d2ef4c78d05388ea7725e5c04e

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext