Extracted

• • Target

    a983f92e01f896658e290d072fc82e72.exe

  • Size

    617KB

  • MD5

    a983f92e01f896658e290d072fc82e72

  • SHA1

    8e531921442d1e8d2a264b825009e06d829a037d

  • SHA256

    d79a1f94e5bd55d0ac6b65c55984801b876fd27236a7e458ccba4e49e2a9bd85

  • SHA512

    b28309374c275ff42573aadb4e7b2ce0c85618c1b7dda9d43c3f58acdac722ae974e19d3fd4e006229afe3bf9f2bfd2124fdaf642011afb9f982b4529fe0120f

  • SSDEEP

    12288:6o+8M9y1CuNt7DDYm+za1dwjk/Zf0sOveMTrPuAyBZ7:6o8VuNRMfza/wgxd6hH67

  Score

  10^/10

  fickerstealerinfostealerspywarestealer

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2