Overview

overview

10

Static

static

1

96e013855d...1d.exe

windows7-x64

10

96e013855d...1d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2023 12:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.exe

  • Size

    282KB

  • MD5

    72dcda0a0601b6e7df5b2d4133d8224f

  • SHA1

    4604ae50310f18648bfdce614f6332088cddff63

  • SHA256

    96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d

  • SHA512

    d7e08462a7e6e27d707becc83825ec3ec9275cc36b60e85c4980d8ea5002d3a7973cb89ae993b657e38be502db206a0b27fa0cfd784505c0fba0f2b1edfc92a4

  • SSDEEP

    6144:K8it3a+Prec1DJGDBXgN61cZlCsIH37fv1u5Jj6mV6:KJ3ofFXgcWWsIH37fya

Score
10/10
fickerstealerinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

lukkeze.club:80

Signatures

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.exe
    "C:\Users\Admin\AppData\Local\Temp\96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Users\Admin\AppData\Local\Temp\96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.exe
      "C:\Users\Admin\AppData\Local\Temp\96e013855d1c673cd9c3a756c455881122d9ec5930131956b1a807189a9a991d.exe"
      2⤵
        PID:836

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\kaosdma.txt
      Filesize

      12B

      MD5

      71d587e911373f62d72a158eceb6e0e7

      SHA1

      68d81a1a4fb19c609288a94f10d1bbb92d972a68

      SHA256

      acce61361a3dee677653fa2909f29530202335835c71031ba4dff50682ae5de8

      SHA512

      a0010c487c8b1eeae82ae82896bf5f48b7ec5573197bbe149b6803093a32b3b470ef0b122278e404cd5df296376bb0629438609997d52c14757ff1c3e6756060

      Download Submit

    • memory/836-55-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/836-56-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/836-59-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/836-60-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/836-66-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/1368-58-0x00000000002C0000-0x0000000000304000-memory.dmp

      Filesize

      272KB

      Download