General
-
Target
087e07ea636995a1249f0196c4cf9e228c8112e44171d5fdcda61fcbc72ac39a.zip
-
Size
299KB
-
Sample
230321-qq6anaaf27
-
MD5
a37fe62d7f854aa29554a7127f13cac1
-
SHA1
77cbd83e77780b666d2f399851e14b50d168a569
-
SHA256
957e1fc0c9430d0cc7d594223b5812dab86b943ada9459ce7e114d9cbd7e979c
-
SHA512
81de96d95ae953271522576e5348f2474fb6a54cf20539d104e2a4b001c32a11576bd875a3abcae46b6c259ca453560feb2a7a037543d262ac47537814b418d7
-
SSDEEP
6144:WKmPlSM4Z43xehTtUCyGxKk3UEZ1Cz3SIEiuTEJ2Y4pQY+vbU0t1nG:joAt23xJCyPWUEZ1Cz3SIEhYh4p5+X/G
Malware Config
Extracted
fickerstealer
ed2efjw.link:8080
Targets
-
-
Target
087e07ea636995a1249f0196c4cf9e228c8112e44171d5fdcda61fcbc72ac39a.exe
-
Size
366KB
-
MD5
2bf337fda9a8a74a0494da655d52e377
-
SHA1
86c04a472c90a7e0b33b0f9dbbfa3c3e86f79b0d
-
SHA256
087e07ea636995a1249f0196c4cf9e228c8112e44171d5fdcda61fcbc72ac39a
-
SHA512
3447a0ecd64d6680b4304f1454bd34ab6529954780b4e82b82bd810899349598b8e417989f09a6f5201d98807031a75c649cf6a7474563dedb2e85e4d10e88c1
-
SSDEEP
6144:lECLE2HsQxQiRdRvYr7F6REk5004ibv32DntOA/6+9ZY4BA+IatO:lECI2HsQZ1v07EREky04iLUtOA/6iyr9
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-