General
-
Target
d9c7021bd6109e39734c2e9f0a502770
-
Size
483KB
-
Sample
240320-zhpsdaae85
-
MD5
d9c7021bd6109e39734c2e9f0a502770
-
SHA1
063bf55baf3f0c70500d2a5fb0154299b1082db0
-
SHA256
59398b00d63f0c2169c71b326232a8513ddd1924a456287a38f73ee21b348ba0
-
SHA512
5b513e8d40f07efe2e4387e3d61f311c7f906da7334fec64b92706993c6df8a63b4af1fbb964369606733833b6f317e1c38566d1ebb4558c75e457794d144bfd
-
SSDEEP
6144:cU0EMTJwzueCKxocXFIY4T9Eh/N2wn753NzbwgAYwD1HeMW0rLAb56dpLN4XQKJ3:FMeKe9XWRk/N9vzbjAYwDwMW0rwrsu
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
d9c7021bd6109e39734c2e9f0a502770
-
Size
483KB
-
MD5
d9c7021bd6109e39734c2e9f0a502770
-
SHA1
063bf55baf3f0c70500d2a5fb0154299b1082db0
-
SHA256
59398b00d63f0c2169c71b326232a8513ddd1924a456287a38f73ee21b348ba0
-
SHA512
5b513e8d40f07efe2e4387e3d61f311c7f906da7334fec64b92706993c6df8a63b4af1fbb964369606733833b6f317e1c38566d1ebb4558c75e457794d144bfd
-
SSDEEP
6144:cU0EMTJwzueCKxocXFIY4T9Eh/N2wn753NzbwgAYwD1HeMW0rLAb56dpLN4XQKJ3:FMeKe9XWRk/N9vzbjAYwDwMW0rwrsu
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-