General
-
Target
d79a1f94e5bd55d0ac6b65c55984801b876fd27236a7e458ccba4e49e2a9bd85.zip
-
Size
446KB
-
Sample
230321-qq7hqacf7s
-
MD5
15343358f6464a2ad407d064057a644b
-
SHA1
c20c49c29d414e5fe3145be96aa6b0842a31c3bd
-
SHA256
df34c42a22f2ae13915ba6a2d16ad71f93517824b076088e5b8f1161912769d8
-
SHA512
4d36db93f0e776010c8b3ba7a9056f277ad83a0b40bfc1d6738a3ae2ca6d7a45e94d980c7097ec70d6be27fedbe5dc009001660a7e15b63b2b1d5373330db430
-
SSDEEP
12288:U0kCskbHEUYDIT0JbtkrYd1WHyohIFo+mgJwAKJfoOMWc:U0kCso1YcY1DjFdLKJfoOk
Malware Config
Extracted
fickerstealer
91.228.224.98:8080
Targets
-
-
Target
d79a1f94e5bd55d0ac6b65c55984801b876fd27236a7e458ccba4e49e2a9bd85.exe
-
Size
617KB
-
MD5
a983f92e01f896658e290d072fc82e72
-
SHA1
8e531921442d1e8d2a264b825009e06d829a037d
-
SHA256
d79a1f94e5bd55d0ac6b65c55984801b876fd27236a7e458ccba4e49e2a9bd85
-
SHA512
b28309374c275ff42573aadb4e7b2ce0c85618c1b7dda9d43c3f58acdac722ae974e19d3fd4e006229afe3bf9f2bfd2124fdaf642011afb9f982b4529fe0120f
-
SSDEEP
12288:6o+8M9y1CuNt7DDYm+za1dwjk/Zf0sOveMTrPuAyBZ7:6o8VuNRMfza/wgxd6hH67
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Reads local data of messenger clients
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-