Overview

overview

10

Static

static

1

42a3a11367...1d.exe

windows7-x64

10

42a3a11367...1d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d.zip

  • Size

    368KB

  • Sample

    230321-qq6lesaf29

  • MD5

    0fed2364e0a41963328b6b6cfc40fe69

  • SHA1

    8c6753cc37dbacf25e6ab542f6789dd704a3dd8e

  • SHA256

    c83c9155b3ebab58bbd40ed61624f8d8ddb9d1f87601d2dfa0f7b529a49800c6

  • SHA512

    7ae2a807ab8ff8a4610f1816b934b22022a504a6defb0db1a5e6bb46db2817769ee67273a868739a756dfc5e38bc829b1d076021b3d840ed556087bbe10f595c

  • SSDEEP

    6144:jOa+PTTvd612odVBu+hneQHdZXd9LPwnHWTT3G3lL1YvUsprTYB7:t+Lk12YVBDhneeTXd9LY2Ti3gvUurMp

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

fasdas.link:8080

Targets

    • Target

      42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d.exe

    • Size

      480KB

    • MD5

      a8347795e62fd5ea607f98579c1d49ec

    • SHA1

      6e4b74e8f7447b6a7db13b4dbcefea258e430a4f

    • SHA256

      42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d

    • SHA512

      790726f6e8045324e1482e8614194299f1b501fa73f22ef516dddf5157404fbaeb7ef1983f4f771f34673d6749853a236ceff97be3e58d32740d2e08b7f5e349

    • SSDEEP

      6144:ALaTiFA3m+iCOvax2wVTqUiYTOefJC/cpTQbrZxBqZugCoZsBgbIOHH4:AuTH3mzCYA20mMOehjkbr7BUug6gbL4

    Score
    10/10
    fickerstealerinfostealer

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks