General
-
Target
a983f92e01f896658e290d072fc82e72.exe
-
Size
617KB
-
Sample
230224-fa4rsacb9z
-
MD5
a983f92e01f896658e290d072fc82e72
-
SHA1
8e531921442d1e8d2a264b825009e06d829a037d
-
SHA256
d79a1f94e5bd55d0ac6b65c55984801b876fd27236a7e458ccba4e49e2a9bd85
-
SHA512
b28309374c275ff42573aadb4e7b2ce0c85618c1b7dda9d43c3f58acdac722ae974e19d3fd4e006229afe3bf9f2bfd2124fdaf642011afb9f982b4529fe0120f
-
SSDEEP
12288:6o+8M9y1CuNt7DDYm+za1dwjk/Zf0sOveMTrPuAyBZ7:6o8VuNRMfza/wgxd6hH67
Static task
static1
Behavioral task
behavioral1
Sample
a983f92e01f896658e290d072fc82e72.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
a983f92e01f896658e290d072fc82e72.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
fickerstealer
91.228.224.98:8080
Targets
-
-
Target
a983f92e01f896658e290d072fc82e72.exe
-
Size
617KB
-
MD5
a983f92e01f896658e290d072fc82e72
-
SHA1
8e531921442d1e8d2a264b825009e06d829a037d
-
SHA256
d79a1f94e5bd55d0ac6b65c55984801b876fd27236a7e458ccba4e49e2a9bd85
-
SHA512
b28309374c275ff42573aadb4e7b2ce0c85618c1b7dda9d43c3f58acdac722ae974e19d3fd4e006229afe3bf9f2bfd2124fdaf642011afb9f982b4529fe0120f
-
SSDEEP
12288:6o+8M9y1CuNt7DDYm+za1dwjk/Zf0sOveMTrPuAyBZ7:6o8VuNRMfza/wgxd6hH67
Score10/10-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-