General
-
Target
874da4a0621dc387a307b542ae70e42e
-
Size
521KB
-
Sample
240201-thd3zsbchp
-
MD5
874da4a0621dc387a307b542ae70e42e
-
SHA1
0151414ef764d0c5b4f9b249957c603eeb91fc89
-
SHA256
e91791e8f9a62e520df63c930fa50449739c751088eb290b938ffac750ef746a
-
SHA512
672e7a117a43f158deeebc247c699a54dad21e28353b5afc5ed3addb33da9b093b436322205b228624265efb3c82fb6a1818d39dbb612921d275dc39184bde5d
-
SSDEEP
12288:gW7TJMJ9JiKFTxDcVZ6Slc3BPAiyMW0rwrsu:guTJYJVTVcVZ6S6BPATh3
Static task
static1
Behavioral task
behavioral1
Sample
874da4a0621dc387a307b542ae70e42e.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
874da4a0621dc387a307b542ae70e42e.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
Target
874da4a0621dc387a307b542ae70e42e
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-