fickerstealer | 59398b00d63f0c2169c71b326232a8513ddd1924a456287a38f73ee21b348ba0 | Triage

Sharing

General

Target

d9c7021bd6109e39734c2e9f0a502770
Size

483KB
Sample

240320-zhpsdaae85
MD5

d9c7021bd6109e39734c2e9f0a502770
SHA1

063bf55baf3f0c70500d2a5fb0154299b1082db0
SHA256

59398b00d63f0c2169c71b326232a8513ddd1924a456287a38f73ee21b348ba0
SHA512

5b513e8d40f07efe2e4387e3d61f311c7f906da7334fec64b92706993c6df8a63b4af1fbb964369606733833b6f317e1c38566d1ebb4558c75e457794d144bfd
SSDEEP

6144:cU0EMTJwzueCKxocXFIY4T9Eh/N2wn753NzbwgAYwD1HeMW0rLAb56dpLN4XQKJ3:FMeKe9XWRk/N9vzbjAYwDwMW0rwrsu

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

- Target
  
  d9c7021bd6109e39734c2e9f0a502770
- Size
  
  483KB
- MD5
  
  d9c7021bd6109e39734c2e9f0a502770
- SHA1
  
  063bf55baf3f0c70500d2a5fb0154299b1082db0
- SHA256
  
  59398b00d63f0c2169c71b326232a8513ddd1924a456287a38f73ee21b348ba0
- SHA512
  
  5b513e8d40f07efe2e4387e3d61f311c7f906da7334fec64b92706993c6df8a63b4af1fbb964369606733833b6f317e1c38566d1ebb4558c75e457794d144bfd
- SSDEEP
  
  6144:cU0EMTJwzueCKxocXFIY4T9Eh/N2wn753NzbwgAYwD1HeMW0rLAb56dpLN4XQKJ3:FMeKe9XWRk/N9vzbjAYwDwMW0rwrsu
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer