Overview

overview

10

Static

static

1

96e013855d...1d.exe

windows7-x64

10

96e013855d...1d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d(phishing).zip

  • Size

    219KB

  • Sample

    230323-qcn48afh37

  • MD5

    cf9988be8d226f346241a6b796d24c74

  • SHA1

    fedebf0aaf742dd432c1280073b1efd2b0bfd9c4

  • SHA256

    40c725d51c59b67db1bc5958c7a2f9ceffa3e277367133496fb2a8a919ebd5bf

  • SHA512

    4da445c4b38e796bd2932c07e12c77cd0e7f9ed943ad541ab5adda6a9441f1c5ec3aa44e61e721dbe9b5d9a79a4d83b2a2d2ba89537a88930a1d64cc6b822201

  • SSDEEP

    6144:m0P1aSHBwPuzBs4ExAqxUdFCmmN3QA65W:hFHBwGsLYjGQA2W

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

lukkeze.club:80

Targets

    • Target

      96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.exe

    • Size

      282KB

    • MD5

      72dcda0a0601b6e7df5b2d4133d8224f

    • SHA1

      4604ae50310f18648bfdce614f6332088cddff63

    • SHA256

      96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d

    • SHA512

      d7e08462a7e6e27d707becc83825ec3ec9275cc36b60e85c4980d8ea5002d3a7973cb89ae993b657e38be502db206a0b27fa0cfd784505c0fba0f2b1edfc92a4

    • SSDEEP

      6144:K8it3a+Prec1DJGDBXgN61cZlCsIH37fv1u5Jj6mV6:KJ3ofFXgcWWsIH37fya

    Score
    10/10
    fickerstealerinfostealer

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

      infostealerfickerstealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks