General

  • Target

    0ecce4332bd67641396914bfac058814.exe

  • Size

    523KB

  • Sample

    240104-ywxvgaacbp

  • MD5

    0ecce4332bd67641396914bfac058814

  • SHA1

    1894459cbceb22a909af65f53959381852e9e73c

  • SHA256

    930eb422bd8e5011f1b155761590cf43772cbeba83292d27f886625fb336dd62

  • SHA512

    cc1f57bf4f03ca838678077e4a0f4cd05bd8b41ae1c8678d1fbda70b274a7d2482efde6479b354363d97fd12fc12e1bf5f0406adf1d53739a069f21d4a91b855

  • SSDEEP

    6144:Co1IJHH1vI8c0/AM7KfVxCbrPCeqc2WOTFWV5Uc0anL+cThKzpMW0rLAb56dpLNU:tIlH1vIB0z7WVwkFDi+cTopMW0rwrsu

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
