General

  • Target

    0462b2c5b2f0efb79d2681f5ad62508d

  • Size

    491KB

  • Sample

    231224-s931rahfh3

  • MD5

    0462b2c5b2f0efb79d2681f5ad62508d

  • SHA1

    a5b90879122c8e6fd64c4e08eed8bdd78058f3ac

  • SHA256

    43f3454b59d1da36302b70fba810f63c4e561915bb81032c123d9bdcfceff0b8

  • SHA512

    776c892ce0581adda2c222d5412c97357a395ada5f428c064dafa527652fc3f5ae780e0141aeb77c3c816d03205225b47212074d75074fe33577ae746eab8224

  • SSDEEP

    12288:D4vtPhTFQMeEcTNO8nN+2BvJBAoUOEVr6LMW0rwrsu:clhKMSJN+2pDAoUP2Lh3

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    80.87.192.115:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
