General
Target: f5fe272c75ce928304e5d19849402a2e_JaffaCakes118
Size: 533KB
Sample: 240417-rxv9psdf9w
MD5: f5fe272c75ce928304e5d19849402a2e
SHA1: 848b850ff669235d2a802c45b46ca7abf2708bf1
SHA256: b8da203d180da2d9ceec48442eb51bdbec51ea08f43b6eafda4a57f175ae597b
SHA512: 5277ee10f519c19c1b1e75e4f1ef9347cb46c96fa6b68c27b7d1af7693c5c365265d32a59e32f0b6a15254227cd5116479c4991fc9269e71ae7595efaafa8c25
SSDEEP: 6144:s377KeJ1xMoRl8X103xPaE7PlEYIMMMW0rLAb56dpLN4XQKJrsu:sL7KaSoRli031RExMW0rwrsu
Static task: static1
Behavioral task: behavioral1
Sample: f5fe272c75ce928304e5d19849402a2e_JaffaCakes118.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: f5fe272c75ce928304e5d19849402a2e_JaffaCakes118.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
Target: f5fe272c75ce928304e5d19849402a2e_JaffaCakes118
Score 10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext