General
-
Target
efa550a732dbd3eccd3d56d4e9a0af04_JaffaCakes118
-
Size
533KB
-
Sample
240414-2ar9msaa81
-
MD5
efa550a732dbd3eccd3d56d4e9a0af04
-
SHA1
76f363dee782664169b0fa54a3a25a3cfc6041df
-
SHA256
fc7c9e6124190d28580d29ba4a21e3d521e4e8bcf4639402bcc59a93c02e9619
-
SHA512
5936bf4dbc8e35762d62e6751894137d1107e09d34c19bd2b15843781244cd22af35f312ca10e4af96945a3e1a8b1ed818e9adcb2d62801bfa596e4af6c1518f
-
SSDEEP
6144:RaXgXGx+fMtLXFSbCg8XnPN7aBu+PhXU9aE7+oxEYIMMMW0rLAb56dpLN4XQKJrL:A8X+JaPX4dxExMW0rwrsu
Static task
static1
Behavioral task
behavioral1
Sample
efa550a732dbd3eccd3d56d4e9a0af04_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
efa550a732dbd3eccd3d56d4e9a0af04_JaffaCakes118.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-