General

  • Target

    5c1927604741cf72d7dbb6d30bbc679c

  • Size

    489KB

  • Sample

    231226-h55nnsbcbj

  • MD5

    5c1927604741cf72d7dbb6d30bbc679c

  • SHA1

    30a181f2728629f066ae90a57af2c0f601910e7d

  • SHA256

    52678f24464744be422832621e5fb313fd0fe92b1499128c66c925e4e67fa07e

  • SHA512

    281b3e4b6de4e37ae4213a22efe3fa4926d5a8a6604888b1251f0e1dcaf5f0f5ac3da7d1291ee955e51a40afc18eaf48f88cdbeede3a86d52257faaa43c4e9d3

  • SSDEEP

    12288:EjWRgnD0fsc191vpMN8+N1YcTlMW0rwrsu:EQgn4Lv2N1YYh3

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    80.87.192.115:80

Targets

    • Target

      5c1927604741cf72d7dbb6d30bbc679c

    • Size

      489KB

    • MD5

      5c1927604741cf72d7dbb6d30bbc679c

    • SHA1

      30a181f2728629f066ae90a57af2c0f601910e7d

    • SHA256

      52678f24464744be422832621e5fb313fd0fe92b1499128c66c925e4e67fa07e

    • SHA512

      281b3e4b6de4e37ae4213a22efe3fa4926d5a8a6604888b1251f0e1dcaf5f0f5ac3da7d1291ee955e51a40afc18eaf48f88cdbeede3a86d52257faaa43c4e9d3

    • SSDEEP

      12288:EjWRgnD0fsc191vpMN8+N1YcTlMW0rwrsu:EQgn4Lv2N1YYh3

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks