General
-
Target
2d641a2668319b179db045309c835cb0
-
Size
515KB
-
Sample
231231-jazplsadd8
-
MD5
2d641a2668319b179db045309c835cb0
-
SHA1
93f1d3f68fb97b23999e464901234d26c681c7f7
-
SHA256
8d9e809be04dc65ba40a2baf764a36b9c659952c3b2e3f889c4d02bf791c8091
-
SHA512
6f60556b62feb94f320892c7bba9857936aee5e6b1ccd6fe7d2cc670ddb399713cec493067ca9f905a89d287970531562917b4c77b73c51674192460201d5244
-
SSDEEP
6144:9aARY/o9hIOUTDxXb1FTSbPNZKv2m1GreaHOs5VTORshwRoaYYPpcMW0rLAb56ds:5RF9eTDh1VSDFveBY+sXAOMW0rwrsu
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
2d641a2668319b179db045309c835cb0
-
Size
515KB
-
MD5
2d641a2668319b179db045309c835cb0
-
SHA1
93f1d3f68fb97b23999e464901234d26c681c7f7
-
SHA256
8d9e809be04dc65ba40a2baf764a36b9c659952c3b2e3f889c4d02bf791c8091
-
SHA512
6f60556b62feb94f320892c7bba9857936aee5e6b1ccd6fe7d2cc670ddb399713cec493067ca9f905a89d287970531562917b4c77b73c51674192460201d5244
-
SSDEEP
6144:9aARY/o9hIOUTDxXb1FTSbPNZKv2m1GreaHOs5VTORshwRoaYYPpcMW0rLAb56ds:5RF9eTDh1VSDFveBY+sXAOMW0rwrsu
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-