General
-
Target
0f6cfe9c64fe0447ee421629812490aa
-
Size
478KB
-
Sample
231230-fn7qlaaebq
-
MD5
0f6cfe9c64fe0447ee421629812490aa
-
SHA1
1f011cad43f687e5f290eac97bad0859ce4e06db
-
SHA256
37af1990b3da0c13879423f0f3b5428df1855efee07ae84b81454470f1397fe9
-
SHA512
5993b8e1b79d083ebdf88dff1f327f2433a144ab311d75b7f2adf1905a5db5b8c25b153b15823f611ac378c6cd20b34c0781f69e36e387a2b41d1ab310b409d1
-
SSDEEP
12288:/ra30kz2fm9VImjEdIQ9zTwoO2MW0rwrsu:/ra3pK+9qCQ9zH3h3
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
0f6cfe9c64fe0447ee421629812490aa
-
Size
478KB
-
MD5
0f6cfe9c64fe0447ee421629812490aa
-
SHA1
1f011cad43f687e5f290eac97bad0859ce4e06db
-
SHA256
37af1990b3da0c13879423f0f3b5428df1855efee07ae84b81454470f1397fe9
-
SHA512
5993b8e1b79d083ebdf88dff1f327f2433a144ab311d75b7f2adf1905a5db5b8c25b153b15823f611ac378c6cd20b34c0781f69e36e387a2b41d1ab310b409d1
-
SSDEEP
12288:/ra30kz2fm9VImjEdIQ9zTwoO2MW0rwrsu:/ra3pK+9qCQ9zH3h3
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-