fickerstealer | 021698422b3ab0f4211843c0ebb98837ce0b8f7889d43f466fb29dbd6177190b | Triage

Sharing

General

Target

f8e5688e024d3d06bfd433843080bd15_JaffaCakes118
Size

582KB
Sample

240418-2ha1bshg5y
MD5

f8e5688e024d3d06bfd433843080bd15
SHA1

33fec4d35499fe655078ab68d56595b852b9ae0d
SHA256

021698422b3ab0f4211843c0ebb98837ce0b8f7889d43f466fb29dbd6177190b
SHA512

c586e22a519fdf85b7d6dc75090c1b1f676af6caaec2011cfd103a1b24eab577a20ebc464a0c49d82bb0e2cc653002a30b10818ed78ef7693d66c675ee5aeae3
SSDEEP

12288:2wfhPcJ7prtgBdcRHy/4Rm1vBq32wM/TMW0rwrsu:nO7pr0/5NQ329Th3

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

- Target
  
  f8e5688e024d3d06bfd433843080bd15_JaffaCakes118
- Size
  
  582KB
- MD5
  
  f8e5688e024d3d06bfd433843080bd15
- SHA1
  
  33fec4d35499fe655078ab68d56595b852b9ae0d
- SHA256
  
  021698422b3ab0f4211843c0ebb98837ce0b8f7889d43f466fb29dbd6177190b
- SHA512
  
  c586e22a519fdf85b7d6dc75090c1b1f676af6caaec2011cfd103a1b24eab577a20ebc464a0c49d82bb0e2cc653002a30b10818ed78ef7693d66c675ee5aeae3
- SSDEEP
  
  12288:2wfhPcJ7prtgBdcRHy/4Rm1vBq32wM/TMW0rwrsu:nO7pr0/5NQ329Th3
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer