fickerstealer | fc7c9e6124190d28580d29ba4a21e3d521e4e8bcf4639402bcc59a93c02e9619 | Triage

Sharing

General

Target

efa550a732dbd3eccd3d56d4e9a0af04_JaffaCakes118
Size

533KB
Sample

240414-2ar9msaa81
MD5

efa550a732dbd3eccd3d56d4e9a0af04
SHA1

76f363dee782664169b0fa54a3a25a3cfc6041df
SHA256

fc7c9e6124190d28580d29ba4a21e3d521e4e8bcf4639402bcc59a93c02e9619
SHA512

5936bf4dbc8e35762d62e6751894137d1107e09d34c19bd2b15843781244cd22af35f312ca10e4af96945a3e1a8b1ed818e9adcb2d62801bfa596e4af6c1518f
SSDEEP

6144:RaXgXGx+fMtLXFSbCg8XnPN7aBu+PhXU9aE7+oxEYIMMMW0rLAb56dpLN4XQKJrL:A8X+JaPX4dxExMW0rwrsu

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

- Target
  
  efa550a732dbd3eccd3d56d4e9a0af04_JaffaCakes118
- Size
  
  533KB
- MD5
  
  efa550a732dbd3eccd3d56d4e9a0af04
- SHA1
  
  76f363dee782664169b0fa54a3a25a3cfc6041df
- SHA256
  
  fc7c9e6124190d28580d29ba4a21e3d521e4e8bcf4639402bcc59a93c02e9619
- SHA512
  
  5936bf4dbc8e35762d62e6751894137d1107e09d34c19bd2b15843781244cd22af35f312ca10e4af96945a3e1a8b1ed818e9adcb2d62801bfa596e4af6c1518f
- SSDEEP
  
  6144:RaXgXGx+fMtLXFSbCg8XnPN7aBu+PhXU9aE7+oxEYIMMMW0rLAb56dpLN4XQKJrL:A8X+JaPX4dxExMW0rwrsu
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer