fickerstealer | 5cb17f38814b487c149eb85a8c5c93af3ffef69fa1dedf48b5df229ce5dd4c53

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2023 13:28

Target

ca47ef826dd05e2b640dd799c6381c1606df996da5f4e8a0c66f785eacc558a8.exe
Size

391KB
MD5

35f5954ec7dcb7b68924afeeaf9be3d1
SHA1

1ba3d62afaf21e8f6aa7ae0cb0fc24c94c102f05
SHA256

ca47ef826dd05e2b640dd799c6381c1606df996da5f4e8a0c66f785eacc558a8
SHA512

92ab0903a919d1dd769c622393e5a2a5d56c78987c86f943a19b0e5dd200b5063d86e4e79dc0f209e095bf19fd44453c418a18b4f37bcc3eb2d58cc905457ec9
SSDEEP

6144:cW3mkqlxrNBKiU6893YBwq3xj4/XjT7d6srMQW+bXvd0GsuFC1OlbPVdWnKfX:Lmk8TZUloBPsPj4KN/d0ouh

Score

10^/10

Family

fickerstealer

blogsme.link:8080

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
3	api.ipify.org

C:\Users\Admin\AppData\Local\Temp\ca47ef826dd05e2b640dd799c6381c1606df996da5f4e8a0c66f785eacc558a8.exe
"C:\Users\Admin\AppData\Local\Temp\ca47ef826dd05e2b640dd799c6381c1606df996da5f4e8a0c66f785eacc558a8.exe"
1⤵
PID:2080

C:\ProgramData\fasfvv.txt

Filesize
12B

MD5
0146b97f1bf748301734071d33706ba1

SHA1
4fe8ed756a2e7d09499d962cb3ffd9a7d3e20495

SHA256
c3af235b5b9c8f8c0657cab7c8c85f85d97100c7d13cb4fb6626c667e06b697f

SHA512
34e2df58d22ddbc3b5d4355394232e71b8ec68c389d2a21d99981200ba80e3f90e4af3c56aef2d50b5042796d658e6ac9007450d4e32f0d8db43d167a59f0cfb

Download Submit
memory/2080-138-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download