General

  • Target

    76d7f252e4ee38accd3622709f8c522d

  • Size

    580KB

  • Sample

    231226-r7bm2shagq

  • MD5

    76d7f252e4ee38accd3622709f8c522d

  • SHA1

    d2a4f442dc12098183c95ba2a0a4a84c7ef7afae

  • SHA256

    ae02b8a195f1469f4c43c36b67a0a553842fc3b455ee878e13ee5d642a0e8c24

  • SHA512

    f9e4a7b5a2c4e9fab9b9e1b7738ea1dc90b8c70e1d8886f27935919b647ff665dd9ed4c82339f1cf8cf5ddd7c1266b55db77f32f61335da1ddb851ac46f661ac

  • SSDEEP

    12288:IdJ9Zq5P4jsJ1vA95b8QcR4s5fPR2ZwiZ5GMW0rwrsu:Oq5P4jsJUMR46PR6wi+h3

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

    • Target

      76d7f252e4ee38accd3622709f8c522d

    • Size

      580KB

    • MD5

      76d7f252e4ee38accd3622709f8c522d

    • SHA1

      d2a4f442dc12098183c95ba2a0a4a84c7ef7afae

    • SHA256

      ae02b8a195f1469f4c43c36b67a0a553842fc3b455ee878e13ee5d642a0e8c24

    • SHA512

      f9e4a7b5a2c4e9fab9b9e1b7738ea1dc90b8c70e1d8886f27935919b647ff665dd9ed4c82339f1cf8cf5ddd7c1266b55db77f32f61335da1ddb851ac46f661ac

    • SSDEEP

      12288:IdJ9Zq5P4jsJ1vA95b8QcR4s5fPR2ZwiZ5GMW0rwrsu:Oq5P4jsJUMR46PR6wi+h3

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks