Overview

overview

10

Static

static

1

fb623f4ae4...b8.exe

windows7-x64

10

fb623f4ae4...b8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb623f4ae4dcaa007cac4365aa3ce13526ae32b94f2d9bfe5bf5b6f6a0e376b8.zip

  • Size

    370KB

  • Sample

    230321-qq7hqacf7t

  • MD5

    ead74e831165c63a7151c0f7622a681a

  • SHA1

    4853cb05a88199449ff984d023e6a9717374c422

  • SHA256

    4540480117da80ab268159e5ac07dae1e06818b5a17ee2adc7dfe83abec96ef1

  • SHA512

    488f320330a47c7c0ee65ab3c53d8688d15491c8a4fec071e99933eb2dc008d9a4838721dc8f8f6aa2bf6129fcfeb39b8a4d3bec1d58ddb8ca11f83dd5288fd5

  • SSDEEP

    6144:cDeK/Uz/a1leVfUV7UT3oAvLJ74Sgje6gNhAd+rICs8uWwB8yaQWeNeaL+GPThlC:AeLbaveVM9UTYUOSN6p9owB8yGeQWlSZ

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

wejqwed.link:8080

Targets

    • Target

      fb623f4ae4dcaa007cac4365aa3ce13526ae32b94f2d9bfe5bf5b6f6a0e376b8.exe

    • Size

      484KB

    • MD5

      858df84cee719d555d9c0e734e85e134

    • SHA1

      5f041464895c49dc9fe0c3e156f0fb0511e6ad77

    • SHA256

      fb623f4ae4dcaa007cac4365aa3ce13526ae32b94f2d9bfe5bf5b6f6a0e376b8

    • SHA512

      4558fa0d39c7a88b9a92bc67256e67507d2b9602512e83dd4bba1209d08ea42b683d5ce1684a90576769db39d923aa0ca0f3deed5d3743fa92b45c0bb588a88b

    • SSDEEP

      6144:cLD0cELbVdOkFuWupKYAbRjXXRQGOQ1k5W/HJXAiTACzKIugCoZsBf7jO5+:cn0b/VdJgKflXXRX/JQiTpnug6OQ

    Score
    10/10
    fickerstealerinfostealer

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks