General

  • Target

    bb63e42e54a05254ef6548d0b3f47cd4

  • Size

    591KB

  • Sample

    240308-qtwkmagb79

  • MD5

    bb63e42e54a05254ef6548d0b3f47cd4

  • SHA1

    85cba54ac296a31fc93fbabd05aa1687f7835d66

  • SHA256

    2c04fcbd90a80c7fd194b868b2d9d7dfc8622e98487e65560375e873034a6899

  • SHA512

    1190305963f3b5c547a946ca317334e86a063a03648c19e770d67071400e863be8aeaff41c274c0f9f49c9584d57ec6e9de97f246e9d3f7332f57130918a2494

  • SSDEEP

    12288:qY41ITc08TD+O0NV7Isj7Hc7PMxy4bAwsMW0rwrsu:qOT38GTpjGGy4Ejh3

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks