General
Target: 7443d0ba4bac7b6179fb4dbea6b0c5c5
Size: 430KB
Sample: 240125-ktjm6scdc7
MD5: 7443d0ba4bac7b6179fb4dbea6b0c5c5
SHA1: a27062085c7a060d96ec5a43cbf041d576a4e170
SHA256: b1a2606bc4ca3d153ffc150561c2fcbcd3e35177b0843391bdd274ee6c49547c
SHA512: c4421e4713ae8cf846d3e8d50dae9875c7512c16246791bff616ca35eddedbd41cbfba967f36dfb80cbee2d4928e7b30ef1b4d6875a06a89074c65f8652a9d71
SSDEEP: 6144:VQJabaq3EcGFBCusT7iMWPYIImSggFnLuMW0rLAb56dpLN4XQKJrsu:ualXmBCusSMWPYIIDjZLuMW0rwrsu
Static task: static1
Behavioral task: behavioral1
Sample: 7443d0ba4bac7b6179fb4dbea6b0c5c5.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 7443d0ba4bac7b6179fb4dbea6b0c5c5.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
Target: 7443d0ba4bac7b6179fb4dbea6b0c5c5
Score: 10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext