Malware Analysis Report

2024-09-22 16:22

Sample ID 230321-qq6w7acf6x
Target 58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.zip
SHA256 f5f542f8ee99e8d6fd8273cbd8142f5a5d6a1076b25cd6157b12274b81f333da
Tags
fickerstealer infostealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f5f542f8ee99e8d6fd8273cbd8142f5a5d6a1076b25cd6157b12274b81f333da

Threat Level: Known bad

The file 58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.zip was found to be: Known bad.

Malicious Activity Summary

fickerstealer infostealer

Fickerstealer family

Fickerstealer

Looks up external IP address via web service

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-03-21 13:28

Signatures

Fickerstealer family

fickerstealer

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-21 13:28

Reported

2023-03-21 13:31

Platform

win7-20230220-en

Max time kernel

150s

Max time network

160s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.exe"

Signatures

Fickerstealer

infostealer fickerstealer

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.exe

"C:\Users\Admin\AppData\Local\Temp\58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.ipify.org udp
US 173.231.16.76:80 api.ipify.org tcp
US 8.8.8.8:53 blogsme.link udp

Files

C:\ProgramData\fasfvv.txt

MD5 71d587e911373f62d72a158eceb6e0e7
SHA1 68d81a1a4fb19c609288a94f10d1bbb92d972a68
SHA256 acce61361a3dee677653fa2909f29530202335835c71031ba4dff50682ae5de8
SHA512 a0010c487c8b1eeae82ae82896bf5f48b7ec5573197bbe149b6803093a32b3b470ef0b122278e404cd5df296376bb0629438609997d52c14757ff1c3e6756060

memory/608-59-0x0000000000400000-0x0000000000468000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-21 13:28

Reported

2023-03-21 13:31

Platform

win10v2004-20230220-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.exe"

Signatures

Fickerstealer

infostealer fickerstealer

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.exe

"C:\Users\Admin\AppData\Local\Temp\58d1e777704216e668537c6db64d0178d44071736ed966eb3fc88bc05e6840c3.exe"

Network

Country Destination Domain Proto
US 152.195.38.76:80 tcp
US 209.197.3.8:80 tcp
US 93.184.220.29:80 tcp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 api.ipify.org udp
US 173.231.16.76:80 api.ipify.org tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
IE 20.190.159.23:443 tcp
US 152.195.38.76:80 tcp
US 152.195.38.76:80 tcp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 199.176.139.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 64.185.227.155:80 api.ipify.org tcp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 155.227.185.64.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 226.101.242.52.in-addr.arpa udp
US 8.8.8.8:53 blogsme.link udp
NL 13.69.109.130:443 tcp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 11.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 210.81.184.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 0.77.109.52.in-addr.arpa udp
US 8.8.8.8:53 202.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 216.74.101.95.in-addr.arpa udp
NL 173.223.113.164:443 tcp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 209.197.3.8:80 tcp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 154.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 126.132.241.8.in-addr.arpa udp
US 8.8.8.8:53 blogsme.link udp
US 8.8.8.8:53 udp

Files

memory/1536-133-0x0000000000400000-0x0000000000468000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6K3GJRJ1\7WM1EQLA.txt

MD5 71d587e911373f62d72a158eceb6e0e7
SHA1 68d81a1a4fb19c609288a94f10d1bbb92d972a68
SHA256 acce61361a3dee677653fa2909f29530202335835c71031ba4dff50682ae5de8
SHA512 a0010c487c8b1eeae82ae82896bf5f48b7ec5573197bbe149b6803093a32b3b470ef0b122278e404cd5df296376bb0629438609997d52c14757ff1c3e6756060

memory/1536-140-0x0000000000400000-0x0000000000468000-memory.dmp