fickerstealer | 630557f73f7424a215ce2e416c5efdcfa1d62ad2d41372f1c9a4f41190694f38 | Triage

Sharing

General

Target

caa2aadf76455cccb3df3dca2df6608b
Size

430KB
Sample

240315-gh3ecshd8t
MD5

caa2aadf76455cccb3df3dca2df6608b
SHA1

6fb8bb59b9125530d691c44d922f4dbdd47de0ee
SHA256

630557f73f7424a215ce2e416c5efdcfa1d62ad2d41372f1c9a4f41190694f38
SHA512

95df9af9ad75f733a8d352308fbd50e6158906a01717303d5eb817225268165b194827cad29c154343e1420f3ad90aa7a0fc50dfb6916cb53daa2daccd176670
SSDEEP

6144:Gc9SpEynTbNJI6p3sDpC6UHq4omgFnLfMW0rLAb56dpLN4XQKJrsu:GqSpE+nN+QsNnUHqhZZLfMW0rwrsu

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

- Target
  
  caa2aadf76455cccb3df3dca2df6608b
- Size
  
  430KB
- MD5
  
  caa2aadf76455cccb3df3dca2df6608b
- SHA1
  
  6fb8bb59b9125530d691c44d922f4dbdd47de0ee
- SHA256
  
  630557f73f7424a215ce2e416c5efdcfa1d62ad2d41372f1c9a4f41190694f38
- SHA512
  
  95df9af9ad75f733a8d352308fbd50e6158906a01717303d5eb817225268165b194827cad29c154343e1420f3ad90aa7a0fc50dfb6916cb53daa2daccd176670
- SSDEEP
  
  6144:Gc9SpEynTbNJI6p3sDpC6UHq4omgFnLfMW0rLAb56dpLN4XQKJrsu:GqSpE+nN+QsNnUHqhZZLfMW0rwrsu
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer