General

  • Target

    9a47d98ee564ea809018f3c117d7cdb5

  • Size

    583KB

  • Sample

    240214-aft7mscc7s

  • MD5

    9a47d98ee564ea809018f3c117d7cdb5

  • SHA1

    05045d95a71df1de8cb01ce9c074050166d88334

  • SHA256

    c4fbb29e0a8df396d0635cde2d4875b041d684efd0b8ecbf0d31a657ef9b437f

  • SHA512

    02d7278bdbe580c3d8896251c0d454f7575c1827a241cdf7ae2e3db8dfb591fd428d7d8ccef4eb61318fece2502d69927cab54f823f5aba8348a587963935325

  • SSDEEP

    12288:onZIZTRr+eSScYIow3+a1IRC9sBFfqKEcAMW0rwrsu:BRr+eO3eRBNqKKh3

Malware Config

Extracted

  • Family

    fickerstealer

  • C2

    80.87.192.115:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext