General
-
Target
ee689f964b2b01d7c941cd022baee567_JaffaCakes118
-
Size
587KB
-
Sample
240411-1ln6pahc7t
-
MD5
ee689f964b2b01d7c941cd022baee567
-
SHA1
e02143cd33b67b1ae954d3feab50420d972a1a8c
-
SHA256
4fe0b0d41ba0644c0a444aa83aab9861b821971573e62bd04c0812750765cfd3
-
SHA512
9c5723b59d28a3f342bebb2fe010325c4e7118462cb9a0c78b1b4c9d5135c77dd7a87d78af75464cafed74ab79f8bd4eedc13b0fdf3db4d132a9421a2a3d8664
-
SSDEEP
12288:rgO1Wale6EWj5H325qU+ZfV44nk6j+W7erN9MW0rwrsu:yaWW125mZf64nxah3
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
ee689f964b2b01d7c941cd022baee567_JaffaCakes118
-
Size
587KB
-
MD5
ee689f964b2b01d7c941cd022baee567
-
SHA1
e02143cd33b67b1ae954d3feab50420d972a1a8c
-
SHA256
4fe0b0d41ba0644c0a444aa83aab9861b821971573e62bd04c0812750765cfd3
-
SHA512
9c5723b59d28a3f342bebb2fe010325c4e7118462cb9a0c78b1b4c9d5135c77dd7a87d78af75464cafed74ab79f8bd4eedc13b0fdf3db4d132a9421a2a3d8664
-
SSDEEP
12288:rgO1Wale6EWj5H325qU+ZfV44nk6j+W7erN9MW0rwrsu:yaWW125mZf64nxah3
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-