General
-
Target
48ede083fc71d65ecccebaa824fd1dc0
-
Size
470KB
-
Sample
240107-n79cjaddd3
-
MD5
48ede083fc71d65ecccebaa824fd1dc0
-
SHA1
14a6353634af2037c180a7d14bd1d312b51e34d4
-
SHA256
8a2365761853f027da2895b4f4a24f7f988255b00b837fe6caa6e8a5a067e99c
-
SHA512
6061aa977ef35085bd056cc7d9ab5243c8e93a466cf54361c64bdcb84ce80d8a4f1f33813a87f0de2668f2b1ab2ec0dced87c612e10a369807b27e53413fb6ee
-
SSDEEP
6144:W+06dFf/CW9ELXwOFqLhWg/Tae+kAevdXaW0rLFb56dpLN4XQKJ3:rdF99s/q1B2oAelXaW0rN3
Malware Config
Extracted
fickerstealer
asfasfvcxvdbs.com:80
Targets
-
-
Target
48ede083fc71d65ecccebaa824fd1dc0
-
Size
470KB
-
MD5
48ede083fc71d65ecccebaa824fd1dc0
-
SHA1
14a6353634af2037c180a7d14bd1d312b51e34d4
-
SHA256
8a2365761853f027da2895b4f4a24f7f988255b00b837fe6caa6e8a5a067e99c
-
SHA512
6061aa977ef35085bd056cc7d9ab5243c8e93a466cf54361c64bdcb84ce80d8a4f1f33813a87f0de2668f2b1ab2ec0dced87c612e10a369807b27e53413fb6ee
-
SSDEEP
6144:W+06dFf/CW9ELXwOFqLhWg/Tae+kAevdXaW0rLFb56dpLN4XQKJ3:rdF99s/q1B2oAelXaW0rN3
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-