General
Target
f8e5688e024d3d06bfd433843080bd15_JaffaCakes118
Size
582KB
Sample
240418-2ha1bshg5y
MD5
f8e5688e024d3d06bfd433843080bd15
SHA1
33fec4d35499fe655078ab68d56595b852b9ae0d
SHA256
021698422b3ab0f4211843c0ebb98837ce0b8f7889d43f466fb29dbd6177190b
SHA512
c586e22a519fdf85b7d6dc75090c1b1f676af6caaec2011cfd103a1b24eab577a20ebc464a0c49d82bb0e2cc653002a30b10818ed78ef7693d66c675ee5aeae3
SSDEEP
12288:2wfhPcJ7prtgBdcRHy/4Rm1vBq32wM/TMW0rwrsu:nO7pr0/5NQ329Th3
Static task
static1
Behavioral task
behavioral1
Sample
f8e5688e024d3d06bfd433843080bd15_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
f8e5688e024d3d06bfd433843080bd15_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
Target
f8e5688e024d3d06bfd433843080bd15_JaffaCakes118
Score
10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext