General

  • Target

    36e7c8a3e42a6cc8b082dd1d7aec08f1.exe

  • Size

    457KB

  • Sample

    240110-ya4qwsfgg7

  • MD5

    36e7c8a3e42a6cc8b082dd1d7aec08f1

  • SHA1

    0883b540fe0908bdb3a69d84273e37a52af5618d

  • SHA256

    238942efe3736ff73e7674abb5eb809c42bf0c510f6d1729344fd19b7fe5fbd5

  • SHA512

    f72ea6a3d5f1a68e5d41104f8cf6bb20b26bb0601be8f8a624485345817018d5e5616e1db54aca2933afdc675d8617bd0335be4ed2e5ebbdc9820f984f4e636b

  • SSDEEP

    6144:U1eXLHWlZb7rvAQT62LvoVzqKxx10wJ3LcJz9MMW0rLAb56dpLN4XQKJrsu:USCZb7TfL8zFxx10wJ7cJ6MW0rwrsu

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80
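
The hashes and C2 above are the report's only actionable indicators. Below is an added example (not part of the sandbox report or the Ficker family) of turning them into a simple offline triage check: it hashes a file with the same four algorithms the report lists and compares against the report's values, and it scans firewall/proxy log lines for connections to the extracted C2, distinguishing an exact `ip:port` match from traffic to the same host on another port (the IP is the more durable indicator). The log lines and the `host=... dst=... dport=...` field layout are constructed for the example; SSDEEP is not covered because it needs a third-party library.

```python
import hashlib
import re

# Indicators copied from this report. Any other values here are constructed.
REPORT_IOCS = {
    "md5": "36e7c8a3e42a6cc8b082dd1d7aec08f1",
    "sha1": "0883b540fe0908bdb3a69d84273e37a52af5618d",
    "sha256": "238942efe3736ff73e7674abb5eb809c42bf0c510f6d1729344fd19b7fe5fbd5",
    "sha512": (
        "f72ea6a3d5f1a68e5d41104f8cf6bb20b26bb0601be8f8a624485345817018d5"
        "e5616e1db54aca2933afdc675d8617bd0335be4ed2e5ebbdc9820f984f4e636b"
    ),
    "c2_ip": "80.87.192.115",
    "c2_port": 80,
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def hash_verdict(data: bytes) -> list:
    """Return the algorithms whose digest of `data` equals the report's value.

    An empty list means the file is not this sample; a partial list would
    indicate a copy-paste error in the IOCs (all four should agree).
    """
    digests = file_hashes(data)
    return [algo for algo in HASH_ALGOS if digests[algo] == REPORT_IOCS[algo]]


# Constructed log lines in an assumed key=value layout; not from the sandbox run.
SAMPLE_LOG = """\
2024-01-10T12:00:01Z host=WS-07 proto=tcp dst=80.87.192.115 dport=80 action=allow bytes=1420
2024-01-10T12:00:03Z host=WS-07 proto=tcp dst=93.184.216.34 dport=443 action=allow bytes=5120
2024-01-10T12:00:04Z host=WS-12 proto=tcp dst=80.87.192.115 dport=8080 action=allow bytes=300
"""

LOG_RE = re.compile(r"host=(?P<host>\S+) .*?dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def c2_hits(log_text: str) -> list:
    """Flag every line whose destination is the report's C2 address.

    `port_match` is True only when the port also equals the extracted C2 port;
    same-IP/other-port traffic is still returned, since the IP is the stronger IOC.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group("dst") != REPORT_IOCS["c2_ip"]:
            continue
        hits.append({
            "host": m.group("host"),
            "dst": m.group("dst"),
            "dport": int(m.group("dport")),
            "port_match": int(m.group("dport")) == REPORT_IOCS["c2_port"],
        })
    return hits


if __name__ == "__main__":
    # With the real sample on disk: hash_verdict(open(path, "rb").read())
    print("hash match:", hash_verdict(b"placeholder bytes, not the sample"))
    for hit in c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Run `hash_verdict` over the file's bytes when checking whether a file on a host is this exact sample; for the network check, feed it whatever your firewall or proxy logs look like after adjusting `LOG_RE` to their field names.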

Targets

    • Target

      36e7c8a3e42a6cc8b082dd1d7aec08f1.exe

    • Fickerstealer

      Ficker is an information stealer written in Rust and assembly.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites the register state of a (usually suspended) thread. Outside of debuggers it is most often seen in process hollowing and similar code-injection techniques, where the thread's entry point is redirected before it is resumed.
