General
-
Target
f73b8d49fa2804962f75b6b373d1bb9f_JaffaCakes118
-
Size
477KB
-
Sample
240418-erv1jabh4y
-
MD5
f73b8d49fa2804962f75b6b373d1bb9f
-
SHA1
1719670936a7c04389ba1aaa7795e589cd5e8eef
-
SHA256
4eb40be2f5a04abd599bd0dc4abd4eee47ec853f453b14abc09d2a575e7e9a10
-
SHA512
8ab6360702c429a3d9dc607ec7db120ce6cce612e4ed2cfe7b36f5f7d99ad867ccecffd6b7dba0322cc4318199c3a4b0ca95176319d0aa69692fd5d4eb07c78b
-
SSDEEP
6144:/9K5TSqBPn/GCjKW0Hi/05bPjZGc3MXOX1GP/sXMW0rLAb56dpLN4XQKJrsu:+tBfbz0C/057jZvroP/qMW0rwrsu
Static task
static1
Behavioral task
behavioral1
Sample
f73b8d49fa2804962f75b6b373d1bb9f_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
f73b8d49fa2804962f75b6b373d1bb9f_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
Target
f73b8d49fa2804962f75b6b373d1bb9f_JaffaCakes118
-
Score
10/10
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-