fickerstealer | 7c2b51c31a895f2eeb6afe748f11d0f6a16355b01c41f22749043c0da7804206 | Triage

Submit
Reports

Overview

overview

Static

static

1

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Sharing

General

Target

Setup.exe
Size

793.8MB
Sample

230215-netflsbc6y
MD5

9a851a47a9bd2f92c61d2486d1be3064
SHA1

3cda31c06db97246705d95dfcf4908eafb514b87
SHA256

7c2b51c31a895f2eeb6afe748f11d0f6a16355b01c41f22749043c0da7804206
SHA512

90340910dc1ee90ccfe7f451578de67c5ca32b95525157acd8b5bc2e99b9c0b2254bfb58997cc848a0ead871bc3f1e03dbb152d56aa709c4ecd3742404eec27b
SSDEEP

196608:6spHQk/ICYcdYtOQYMvm6Iu+8RuJQHIsuRuJyPquRuJXMD349nt3njto03qJbYav:6csCYgIBH2XD349nt3nW03s8up

Score

10^/10

fickerstealer evasion infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220901-en

fickerstealer infostealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20221111-en

fickerstealer evasion infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

fickerstealer

C2

45.93.201.181:80

91.240.118.51:253

Targets

- Target
  
  Setup.exe
- Size
  
  793.8MB
- MD5
  
  9a851a47a9bd2f92c61d2486d1be3064
- SHA1
  
  3cda31c06db97246705d95dfcf4908eafb514b87
- SHA256
  
  7c2b51c31a895f2eeb6afe748f11d0f6a16355b01c41f22749043c0da7804206
- SHA512
  
  90340910dc1ee90ccfe7f451578de67c5ca32b95525157acd8b5bc2e99b9c0b2254bfb58997cc848a0ead871bc3f1e03dbb152d56aa709c4ecd3742404eec27b
- SSDEEP
  
  196608:6spHQk/ICYcdYtOQYMvm6Iu+8RuJQHIsuRuJyPquRuJXMD349nt3njto03qJbYav:6csCYgIBH2XD349nt3nW03s8up
Score

10^/10

fickerstealer infostealer evasion spyware stealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerevasioninfostealerspywarestealer

© 2018-2024

Terms | Privacy