General
-
Target
85acb9da285b48bd88be93544e6ab891
-
Size
459KB
-
Sample
240201-cszn1abbgq
-
MD5
85acb9da285b48bd88be93544e6ab891
-
SHA1
945753fdead292267dd73120e12f32c6e7de8905
-
SHA256
34f3b9f234678b539bda501e05a084b037f5f6f5a1e2973c60cfd27902646403
-
SHA512
06ed567fa7e6a145b0b2bec36ebe10e664cfe1476b268e2f73b130701f451f0ef28dfe5307dc3d95a9e25b399513ba8a1c83ead498d5e964abbd72fd942e8e2c
-
SSDEEP
12288:yWnteGBAllxpnSqey0YXRWYTGMW0rwrsu:yewnHFUYTGh3
Static task
static1
Behavioral task
behavioral1
Sample
85acb9da285b48bd88be93544e6ab891.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
85acb9da285b48bd88be93544e6ab891.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
Target
85acb9da285b48bd88be93544e6ab891
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-