fickerstealer | 2c04fcbd90a80c7fd194b868b2d9d7dfc8622e98487e65560375e873034a6899 | Triage

Sharing

General

Target

bb63e42e54a05254ef6548d0b3f47cd4
Size

591KB
Sample

240308-qtwkmagb79
MD5

bb63e42e54a05254ef6548d0b3f47cd4
SHA1

85cba54ac296a31fc93fbabd05aa1687f7835d66
SHA256

2c04fcbd90a80c7fd194b868b2d9d7dfc8622e98487e65560375e873034a6899
SHA512

1190305963f3b5c547a946ca317334e86a063a03648c19e770d67071400e863be8aeaff41c274c0f9f49c9584d57ec6e9de97f246e9d3f7332f57130918a2494
SSDEEP

12288:qY41ITc08TD+O0NV7Isj7Hc7PMxy4bAwsMW0rwrsu:qOT38GTpjGGy4Ejh3

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

- Target
  
  bb63e42e54a05254ef6548d0b3f47cd4
- Size
  
  591KB
- MD5
  
  bb63e42e54a05254ef6548d0b3f47cd4
- SHA1
  
  85cba54ac296a31fc93fbabd05aa1687f7835d66
- SHA256
  
  2c04fcbd90a80c7fd194b868b2d9d7dfc8622e98487e65560375e873034a6899
- SHA512
  
  1190305963f3b5c547a946ca317334e86a063a03648c19e770d67071400e863be8aeaff41c274c0f9f49c9584d57ec6e9de97f246e9d3f7332f57130918a2494
- SSDEEP
  
  12288:qY41ITc08TD+O0NV7Isj7Hc7PMxy4bAwsMW0rwrsu:qOT38GTpjGGy4Ejh3
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer