General
-
Target
c292e86c72bcfc610e735fb8eae67990cc834892e4a199a4b20b3e0de5eb14d1.zip
-
Size
307KB
-
Sample
230321-qq67yscf6z
-
MD5
fd365a2290d924851fa58e887a24f0a7
-
SHA1
e082760a74436fe9d51acfc79638113dfe532789
-
SHA256
8892935bec17053a8d64963a76d49b709a131e3f3a10ae72e8463b4e66bbd8ce
-
SHA512
1349283d2e869d79b8a7e824f3c3cb722be85d28fcc6ad775cc97bccf69019bf69f77cd96a7b7dd7d85ac79d18974e0fefbfa3cdcd12db18aeac2138f8a2e63f
-
SSDEEP
6144:eMq8XhCQlUl50zdMMeglciPeOMWTEoHFXJU8Z5gSe5/CwYnnELAaf+R:eN8AQlDzrrhPeeEcdJUi34CwYnn6YR
Malware Config
Extracted
fickerstealer
ed2efjw.link:8080
Targets
-
-
Target
c292e86c72bcfc610e735fb8eae67990cc834892e4a199a4b20b3e0de5eb14d1.exe
-
Size
386KB
-
MD5
78cd287896735ac4617f4fd7d7db3f50
-
SHA1
e125d07bcd7967a467a1199a46b42b762170e516
-
SHA256
c292e86c72bcfc610e735fb8eae67990cc834892e4a199a4b20b3e0de5eb14d1
-
SHA512
876ba9542cbf36f695d87418cc068b9c928cc6c38c529d47337a360b9dad4258246df3cf5615c709d06c102c88df66bf5f8458be1d4faabb4b74a5602d592a60
-
SSDEEP
6144:PfILpNo3m+qqwgkFTUeMZiksREwe32RqphF2CoW208q+Zk1x:PfIVNo3mXqOAetXXemR+TSq+Z8x
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-