General
-
Target
428194f0c7817cd2d1ba7c94291107a3
-
Size
578KB
-
Sample
240105-cngbvsgaej
-
MD5
428194f0c7817cd2d1ba7c94291107a3
-
SHA1
3cc2291ae305f80034626aba354b35a5529b282a
-
SHA256
615417eba83a4c9800d6c375de53aaeadbb5113029a1db3c14cd22abc55f2a92
-
SHA512
5b8ab230380f8100901dc669033057dfd3205e707d301593e9faf487d1d4ee590cbb56a5b95281cad700264d0cafcd46d45ac7b65b03f6c03199cb922224c660
-
SSDEEP
12288:pc0Sv/ZoFTTqc2aK6beLd1YcEDuck3zMW0rwrsu:NSv/Z8Tq36KdKXDuNh3
Static task
static1
Behavioral task
behavioral1
Sample
428194f0c7817cd2d1ba7c94291107a3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
428194f0c7817cd2d1ba7c94291107a3.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
428194f0c7817cd2d1ba7c94291107a3
-
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-