General
-
Target
f60c6ef59b530f9a0ec427341ef785ea_JaffaCakes118
-
Size
528KB
-
Sample
240417-sf6jsaeg9x
-
MD5
f60c6ef59b530f9a0ec427341ef785ea
-
SHA1
87b4fe55c2c5ca457b97881d563269f3ffa02da1
-
SHA256
4edfc144feecffef16943050f84782aed194060096c3ae8e96fd00b3e128f38f
-
SHA512
8f54dcbe256736955fdbad0fe2af68dba4d571985d81ce2eb2ac1e9f66d7ace00e5f032d1e4e33495eec962e70b6c4922e65b63a1e1b44ce2553c40b1a1df372
-
SSDEEP
12288:HiKkERkF9HLqymbnCLq/yZf30e2MW0rwrsu:wERklmh/yZse2h3
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
f60c6ef59b530f9a0ec427341ef785ea_JaffaCakes118
-
Size
528KB
-
MD5
f60c6ef59b530f9a0ec427341ef785ea
-
SHA1
87b4fe55c2c5ca457b97881d563269f3ffa02da1
-
SHA256
4edfc144feecffef16943050f84782aed194060096c3ae8e96fd00b3e128f38f
-
SHA512
8f54dcbe256736955fdbad0fe2af68dba4d571985d81ce2eb2ac1e9f66d7ace00e5f032d1e4e33495eec962e70b6c4922e65b63a1e1b44ce2553c40b1a1df372
-
SSDEEP
12288:HiKkERkF9HLqymbnCLq/yZf30e2MW0rwrsu:wERklmh/yZse2h3
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-