Extracted

• • Target

    5598027d46551abb118ee343baaa530d_JaffaCakes118

  • Size

    2.9MB

  • MD5

    5598027d46551abb118ee343baaa530d

  • SHA1

    16907ea747cbaaae64b83b95566e0aba6a022a2c

  • SHA256

    ab33dd2fe5e133ea982810c86ac78f41572e632a037536e3e908f1cea2483223

  • SHA512

    8ba9536a4556ad0aa95cef9a0b5e26d729cdb9e0f03aed5d721358b650e6be0764217d348e4d353276ccfc39e43a0c16d51cd6d7166034f9bb31c6a479880c84

  • SSDEEP

    49152:SRegR/NMCAlS3pcg1JEqm903QM0RbLW3uT3oyRISIsJ0O1jpfivAKsmqqV:PW19cG6RXku7oHSzSO11ame

  Score

  10^/10

  fickerstealerevasioninfostealer

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2