fickerstealer | 71c9830906a2def9ae8dba74522b43483bd298e60fbeb8f4af33db3ef2fb2973 | Triage

Sharing

General

Target

fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9.zip
Size

314KB
Sample

230321-qq7tgsaf33
MD5

2757572decc7fc62ed808720514f40d1
SHA1

383e3ca06468fde9b68852682b0c50df88117e34
SHA256

71c9830906a2def9ae8dba74522b43483bd298e60fbeb8f4af33db3ef2fb2973
SHA512

0dfb6ddc785f177026a8217c5d2879eaadc112a1e1608cc1847b0c2e01e594dfdb3d63dbabb264ae65e16db0abc2c7284a7fc50054283e313b20cfb0d2fb2b82
SSDEEP

6144:3XE9KRPqSoACS3sKgcvuSPYkVS4My2dz4RymV5jcmMCXCcXUpbOp1ysHaFVh25Ow:309kq1AV8K4SPXlMBURgFCX1XUhOWs6K

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

clogsme.link:8080

Targets

- Target
  
  fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9.exe
- Size
  
  396KB
- MD5
  
  ae8f1cd095afa12559ecca86166d8a7a
- SHA1
  
  3b1be222db87f7a04d40e7062467e52a9cda9757
- SHA256
  
  fc583f0b1db0e61fd38fa6d02280554a392550ea905e2f1054602aba3aca42f9
- SHA512
  
  3a6e05f451e16cfdf8b564372377251bba95e4e6e423179d2dbd3fe6c0bd584dbde45e24c06b214f0317c9f7894ecdcc5c903c8e867784b03fcd028b8349c61a
- SSDEEP
  
  6144:ANL1bEzN+yhi6zKDAEdgNYYFRMNZAJHdRRqVhZilkbrNmYQASsui9yD6b6W:ANxAzNzlODAqgzKj2bAVqMrNR/86bv
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer