fickerstealer | c09d37e5458549e449d71b40a0e34bc97032dd00bcacb365e0ade893e4e35ec3 | Triage

Sharing

General

Target

96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.zip
Size

219KB
Sample

230327-pcl47add24
MD5

4d282b643072e1696224d1d2a34d582c
SHA1

a405721219a58076ca60ecd7711ff2f66fe46f3b
SHA256

c09d37e5458549e449d71b40a0e34bc97032dd00bcacb365e0ade893e4e35ec3
SHA512

9859bc6a741684e25fbd4a46ea919c6cc20a8fc0ec958bdedbb3253abcacc90fdb12277ef70f62f6b71b413f98472b148f49f84d1facfd1c87cf5a6bb288ba66
SSDEEP

6144:fTjXIJdkzuKdhGkFKyqDueq1taHU/URQpRUpeizGw:fTj6yX/G0KyoueItaHU1pupPaw

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

lukkeze.club:80

Targets

- Target
  
  96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.exe
- Size
  
  282KB
- MD5
  
  72dcda0a0601b6e7df5b2d4133d8224f
- SHA1
  
  4604ae50310f18648bfdce614f6332088cddff63
- SHA256
  
  96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d
- SHA512
  
  d7e08462a7e6e27d707becc83825ec3ec9275cc36b60e85c4980d8ea5002d3a7973cb89ae993b657e38be502db206a0b27fa0cfd784505c0fba0f2b1edfc92a4
- SSDEEP
  
  6144:K8it3a+Prec1DJGDBXgN61cZlCsIH37fv1u5Jj6mV6:KJ3ofFXgcWWsIH37fya
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer