General
-
Target
a615abe4326a1b99d7c2f3f1fccdc332
-
Size
490KB
-
Sample
231227-gkvgjahdf8
-
MD5
a615abe4326a1b99d7c2f3f1fccdc332
-
SHA1
586023f580a7e7bb863249a4ca46d62e059c20f9
-
SHA256
dca0057b493f2c65f2cdd79de9f37d1461219a00d550b6c86d85a66e413a659b
-
SHA512
13851edecb06d8990222fd2bb232e1c55633de05fcc6439112c88b8a41d59d10474451eec2ec99eacadb632045454704b558d00954a0f51d1933d056b3bad44f
-
SSDEEP
12288:Du/xWADWvdrFacp0Wwd3JShkdP/OFMW0rwrsu:C4ADAtq3J1P/kh3
Static task
static1
Behavioral task
behavioral1
Sample
a615abe4326a1b99d7c2f3f1fccdc332.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a615abe4326a1b99d7c2f3f1fccdc332.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
Target
a615abe4326a1b99d7c2f3f1fccdc332
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-