General

  • Target: a0c667e473bbcf4b67f08f784f0e842b56cac912670577798e82f59b76a4a3a1.zip
  • Size: 325KB
  • Sample: 230321-qq6w7acf6y
  • MD5: 1b052cdd5298346542f6abb5584413e8
  • SHA1: e80a54297ae0a3577531887183490c090f3c2911
  • SHA256: bba610069ba7bf90c015901ba770864ee91b665f6315ea397779337a0bb9fad6
  • SHA512: 1836a1d3e72b4ac1ac25f2c190f95b79d9c7604a696553dace019ccfa787a53d4975344abe4821eb245776795cd2d589cb287aa560d36bd7274cbecea3c3e980
  • SSDEEP: 6144:F2W1ReqlFuJ10sESkR4WbHKWttpfR+nxjRRaehMHxP9F+Y3dlme1JW2P:tFlFuJqsEpbH7tjR+xdRJclqYq2P

Malware Config

Extracted

  • Family: fickerstealer
  • C2: dfthdsb.link:8080

Targets

    • Target: a0c667e473bbcf4b67f08f784f0e842b56cac912670577798e82f59b76a4a3a1.exe
    • Size: 404KB
    • MD5: a15799366ecdc252e16e8ed459da675f
    • SHA1: b7d81a6d4d7c01b3b7ab282c0a0ea17d33ce080b
    • SHA256: a0c667e473bbcf4b67f08f784f0e842b56cac912670577798e82f59b76a4a3a1
    • SHA512: d8460105c47aa5a3402ede20bf0722906c279077fd737d9c1351d1572acfa23ca0be60023535ccf294b0e14b33217bec4be74a6ec3404625ff14fda36e702521
    • SSDEEP: 12288:EkiqcnjTelNaEvMmb8WrTGNiot+QQMpEF:I2lQhXWTuiWhQ3F

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
