General

  • Target

    a983f92e01f896658e290d072fc82e72.exe

  • Size

    617KB

  • Sample

    230224-fa4rsacb9z

  • MD5

    a983f92e01f896658e290d072fc82e72

  • SHA1

    8e531921442d1e8d2a264b825009e06d829a037d

  • SHA256

    d79a1f94e5bd55d0ac6b65c55984801b876fd27236a7e458ccba4e49e2a9bd85

  • SHA512

    b28309374c275ff42573aadb4e7b2ce0c85618c1b7dda9d43c3f58acdac722ae974e19d3fd4e006229afe3bf9f2bfd2124fdaf642011afb9f982b4529fe0120f

  • SSDEEP

    12288:6o+8M9y1CuNt7DDYm+za1dwjk/Zf0sOveMTrPuAyBZ7:6o8VuNRMfza/wgxd6hH67

Malware Config

Extracted

Family

fickerstealer

C2

91.228.224.98:8080

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks