General

  • Target

    04353d6c598d4c4747eefe57006b1bdf

  • Size

    582KB

  • Sample

    231225-ehy1tsddcl

  • MD5

    04353d6c598d4c4747eefe57006b1bdf

  • SHA1

    e00e056801857137f07a506ec6d86fada92bb79b

  • SHA256

    8e6e28b85a43a315f3fe66cef6584d9e3d0f6b095732a88f4303e685c2fb9e9b

  • SHA512

    34f896ea8fd89649c063ab50a5c7c903ae0417d223fe9019b07c3ba17bfbcb199fde35c92578cfaca42ef4c713f9aac726cef1fc2bbe3da2f1ae2e1ebf410f5e

  • SSDEEP

    12288:LNZFefaL/CUbEKvyH27Gzr8Fp99sqs3yNbojerzMW0rwrsu:kCL/CWftsqsCkerzh3

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks