fickerstealer | 4eb40be2f5a04abd599bd0dc4abd4eee47ec853f453b14abc09d2a575e7e9a10 | Triage

Sharing

General

Target

f73b8d49fa2804962f75b6b373d1bb9f_JaffaCakes118
Size

477KB
Sample

240418-erv1jabh4y
MD5

f73b8d49fa2804962f75b6b373d1bb9f
SHA1

1719670936a7c04389ba1aaa7795e589cd5e8eef
SHA256

4eb40be2f5a04abd599bd0dc4abd4eee47ec853f453b14abc09d2a575e7e9a10
SHA512

8ab6360702c429a3d9dc607ec7db120ce6cce612e4ed2cfe7b36f5f7d99ad867ccecffd6b7dba0322cc4318199c3a4b0ca95176319d0aa69692fd5d4eb07c78b
SSDEEP

6144:/9K5TSqBPn/GCjKW0Hi/05bPjZGc3MXOX1GP/sXMW0rLAb56dpLN4XQKJrsu:+tBfbz0C/057jZvroP/qMW0rwrsu

Score

10^/10

fickerstealer infostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Targets

- Target
  
  f73b8d49fa2804962f75b6b373d1bb9f_JaffaCakes118
- Size
  
  477KB
- MD5
  
  f73b8d49fa2804962f75b6b373d1bb9f
- SHA1
  
  1719670936a7c04389ba1aaa7795e589cd5e8eef
- SHA256
  
  4eb40be2f5a04abd599bd0dc4abd4eee47ec853f453b14abc09d2a575e7e9a10
- SHA512
  
  8ab6360702c429a3d9dc607ec7db120ce6cce612e4ed2cfe7b36f5f7d99ad867ccecffd6b7dba0322cc4318199c3a4b0ca95176319d0aa69692fd5d4eb07c78b
- SSDEEP
  
  6144:/9K5TSqBPn/GCjKW0Hi/05bPjZGc3MXOX1GP/sXMW0rLAb56dpLN4XQKJrsu:+tBfbz0C/057jZvroP/qMW0rwrsu
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer