General
-
Target
9b36c90f30bd2fddc8dd31652121f68c
-
Size
529KB
-
Sample
240214-kfzr8seh59
-
MD5
9b36c90f30bd2fddc8dd31652121f68c
-
SHA1
a6de8b0926e2ee724e6b377dd6309db1817b1c8d
-
SHA256
b902e1f3442956ea6c039a41b19fd94517fd70882b433d7958bbe6d481123b62
-
SHA512
f9ce98ce554f72b544d939b1714c76bebe7b95238aef7921db68064a797e4abad839b82415b1455d51a53a013ef1ab6dbf1a942bc419f69210e13e081d18e778
-
SSDEEP
12288:VO3CZpG0g7cWlVtR4nre3JyDoZI2MW0rwrsu:rZpG0QPin63JaoZI2h3
Static task
static1
Behavioral task
behavioral1
Sample
9b36c90f30bd2fddc8dd31652121f68c.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
9b36c90f30bd2fddc8dd31652121f68c.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
9b36c90f30bd2fddc8dd31652121f68c
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-