General

  • Target: ee689f964b2b01d7c941cd022baee567_JaffaCakes118
  • Size: 587KB
  • Sample: 240411-1ln6pahc7t
  • MD5: ee689f964b2b01d7c941cd022baee567
  • SHA1: e02143cd33b67b1ae954d3feab50420d972a1a8c
  • SHA256: 4fe0b0d41ba0644c0a444aa83aab9861b821971573e62bd04c0812750765cfd3
  • SHA512: 9c5723b59d28a3f342bebb2fe010325c4e7118462cb9a0c78b1b4c9d5135c77dd7a87d78af75464cafed74ab79f8bd4eedc13b0fdf3db4d132a9421a2a3d8664
  • SSDEEP: 12288:rgO1Wale6EWj5H325qU+ZfV44nk6j+W7erN9MW0rwrsu:yaWW125mZf64nxah3

Malware Config

Extracted

  • Family: fickerstealer
  • C2: 80.87.192.115:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
