fickerstealer | 8c83844722c5a6efc00ae36bf0a8548d3257e088d1547362227541f57ee98980 | Triage

Submit
Reports

Overview

overview

Static

static

3

03d7a8888d...18.exe

windows7-x64

03d7a8888d...18.exe

windows10-2004-x64

Sharing

General

Target

03d7a8888dd522a8536773a65c6e5568_JaffaCakes118
Size

223KB
Sample

240622-znsq8ateng
MD5

03d7a8888dd522a8536773a65c6e5568
SHA1

7ce552e8cf660fb6afa00a374c91f79b25be0952
SHA256

8c83844722c5a6efc00ae36bf0a8548d3257e088d1547362227541f57ee98980
SHA512

b886aa5ff933c50d2a029f14e341ff215e9db962831202c85b05cfa13a2a76b51422e7cb4fb81baffdb8bdd3ab4ac5ff0f5faf841beb53a0a8f84844a868a6cb
SSDEEP

3072:rdFrecnL9wgVawF6SrlHrE6E7xh6+hCLY9cv8QzvX0Br8+xmBfizxQnxPCU6pDjp:rqmpVaO6y46q0YnWEBBxX+xPaj9Vp

Score

10^/10

fickerstealer infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

03d7a8888dd522a8536773a65c6e5568_JaffaCakes118.exe

Resource

win7-20240508-en

fickerstealer infostealer

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

03d7a8888dd522a8536773a65c6e5568_JaffaCakes118.exe

Resource

win10v2004-20240508-en

fickerstealer infostealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

fickerstealer

C2

185.234.247.233:80

Targets

- Target
  
  03d7a8888dd522a8536773a65c6e5568_JaffaCakes118
- Size
  
  223KB
- MD5
  
  03d7a8888dd522a8536773a65c6e5568
- SHA1
  
  7ce552e8cf660fb6afa00a374c91f79b25be0952
- SHA256
  
  8c83844722c5a6efc00ae36bf0a8548d3257e088d1547362227541f57ee98980
- SHA512
  
  b886aa5ff933c50d2a029f14e341ff215e9db962831202c85b05cfa13a2a76b51422e7cb4fb81baffdb8bdd3ab4ac5ff0f5faf841beb53a0a8f84844a868a6cb
- SSDEEP
  
  3072:rdFrecnL9wgVawF6SrlHrE6E7xh6+hCLY9cv8QzvX0Br8+xmBfizxQnxPCU6pDjp:rqmpVaO6y46q0YnWEBBxX+xPaj9Vp
Score

10^/10

fickerstealer infostealer
- Fickerstealer
  Ficker is an infostealer written in Rust and ASM.
  infostealer fickerstealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

fickerstealerinfostealer

behavioral2

fickerstealerinfostealer

© 2018-2024

Terms | Privacy