Analysis
-
max time kernel
141s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
30-12-2023 21:59
Static task
static1
Behavioral task
behavioral1
Sample
1dd2d3890fb72e583cee5a0e18392704.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1dd2d3890fb72e583cee5a0e18392704.exe
Resource
win10v2004-20231215-en
General
-
Target
1dd2d3890fb72e583cee5a0e18392704.exe
-
Size
2.3MB
-
MD5
1dd2d3890fb72e583cee5a0e18392704
-
SHA1
9ece04bbd9fc829c551c612c3f6150be8e447991
-
SHA256
2657021520b107b21400d210ddfa5178aa6183a22cd5b56d8754e53e381be891
-
SHA512
f76dfb1a75b55aab315498973554fbcb26634cba2a509dc34b2d555c9ab297d0391a4c40c7cded88750cce853c9ff142264561450841a5f45645a1e5116b550d
-
SSDEEP
49152:IYnswzLWlr4W9o5YfMbMcRc/s+kobXnz/q/xnd/c/fnr/a5RZH7HAnnnnnLFz8++:bsblrFz0DAekNy/
Malware Config
Extracted
fickerstealer
91.211.248.143:80
Signatures
-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 3 api.ipify.org -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
1dd2d3890fb72e583cee5a0e18392704.exepid Process 1748 1dd2d3890fb72e583cee5a0e18392704.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12B
MD58cf4dec152a9d79a3d62202b886eda9b
SHA10c1b3d3d02c0b655aa3526a58486b84872f18cc2
SHA256c30e56c9c8fe30ffa4a4ff712cf2fa1808ee82ca258cd4c8ebefcc82250b6c01
SHA512a5a65f0604f8553d0be07bd5214db52d3f167e7511d29cb64e3fa9d8c510cc79976ff2a5acb9b8c09b666f306ac8e4ad389f9a2de3ca46d57b1e91060a4c50fd