fickerstealer | 37dfa936a8336dd36b8379f0ab078c79d062a531e62138efc6bd760d7f496532 | Triage

Submit
Reports

Overview

overview

Static

static

1

42a3a11367...1d.exe

windows7-x64

42a3a11367...1d.exe

windows10-2004-x64

Sharing

General

Target

42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d.zip
Size

368KB
Sample

230326-vfn1vabc21
MD5

438d1f2966d97a61e2d6f0534f162b9f
SHA1

73b3522c83234ceb809fc9df18da0fe3f9409914
SHA256

37dfa936a8336dd36b8379f0ab078c79d062a531e62138efc6bd760d7f496532
SHA512

4ab1c19c83a2c86b9adab3bd0f17856d09cf46ca3f2a6608483154cf684574b9c87f2c47cf14ac0dccf890ed0cccb82de3c3a0dad6ce963b02e3dc1c2aa9e6cc
SSDEEP

6144:mpXBZGi4CsXhPoBI4oZ5VnQP8WQBdo3nvgrBQnMQVEjcujS3RYlEw:mZWC6hPo1oPLBdm2+Eje3OlEw

Score

10^/10

fickerstealer infostealer

Static task

static1

Behavioral task

behavioral1

Sample

42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d.exe

Resource

win7-20230220-en

fickerstealer infostealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d.exe

Resource

win10v2004-20230220-en

fickerstealer infostealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

fickerstealer

C2

fasdas.link:8080

Targets

- Target
  
  42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d.exe
- Size
  
  480KB
- MD5
  
  a8347795e62fd5ea607f98579c1d49ec
- SHA1
  
  6e4b74e8f7447b6a7db13b4dbcefea258e430a4f
- SHA256
  
  42a3a11367f39f4b5dda0d40b1183330072f8d85c3d2e79e42c46489e7dcce1d
- SHA512
  
  790726f6e8045324e1482e8614194299f1b501fa73f22ef516dddf5157404fbaeb7ef1983f4f771f34673d6749853a236ceff97be3e58d32740d2e08b7f5e349
- SSDEEP
  
  6144:ALaTiFA3m+iCOvax2wVTqUiYTOefJC/cpTQbrZxBqZugCoZsBgbIOHH4:AuTH3mzCYA20mMOehjkbr7BUug6gbL4
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer

© 2018-2025

Terms | Privacy