fickerstealer | b8da203d180da2d9ceec48442eb51bdbec51ea08f43b6eafda4a57f175ae597b | Triage

Sharing

General

Target

f5fe272c75ce928304e5d19849402a2e_JaffaCakes118
Size

533KB
Sample

240417-rxv9psdf9w
MD5

f5fe272c75ce928304e5d19849402a2e
SHA1

848b850ff669235d2a802c45b46ca7abf2708bf1
SHA256

b8da203d180da2d9ceec48442eb51bdbec51ea08f43b6eafda4a57f175ae597b
SHA512

5277ee10f519c19c1b1e75e4f1ef9347cb46c96fa6b68c27b7d1af7693c5c365265d32a59e32f0b6a15254227cd5116479c4991fc9269e71ae7595efaafa8c25
SSDEEP

6144:s377KeJ1xMoRl8X103xPaE7PlEYIMMMW0rLAb56dpLN4XQKJrsu:sL7KaSoRli031RExMW0rwrsu

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

- Target
  
  f5fe272c75ce928304e5d19849402a2e_JaffaCakes118
- Size
  
  533KB
- MD5
  
  f5fe272c75ce928304e5d19849402a2e
- SHA1
  
  848b850ff669235d2a802c45b46ca7abf2708bf1
- SHA256
  
  b8da203d180da2d9ceec48442eb51bdbec51ea08f43b6eafda4a57f175ae597b
- SHA512
  
  5277ee10f519c19c1b1e75e4f1ef9347cb46c96fa6b68c27b7d1af7693c5c365265d32a59e32f0b6a15254227cd5116479c4991fc9269e71ae7595efaafa8c25
- SSDEEP
  
  6144:s377KeJ1xMoRl8X103xPaE7PlEYIMMMW0rLAb56dpLN4XQKJrsu:sL7KaSoRli031RExMW0rwrsu
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer