General

  • Target

    1045b0b441c50d7268f9fbcc19a23093f9efae22c0fc006a28e11190f7115fa4

  • Size

    274KB

  • Sample

    240731-lasbmssamb

  • MD5

    9d6fd73873666d91d219cc5cebbaeff9

  • SHA1

    022ff1a36b2cafdc5197120634076cef6fac5c50

  • SHA256

    1045b0b441c50d7268f9fbcc19a23093f9efae22c0fc006a28e11190f7115fa4

  • SHA512

    8333dfd50715e11dc848a45e45dd87bf49ca7437c1b64fbfd0a0efa41711374fe75e08a1fa8b609df80464d173f1a711d4627876e78b969f2d014ff0f6b9e8c0

  • SSDEEP

    6144:nF6fMGHY2jNSUW2bcNpp4asiNCM68xtEdz4ibA9R2f3pRphO92yW:E0GH/h3IbNNo8xt84ibSe5Rpw9TW

Malware Config

Extracted

Family

fickerstealer

C2

188.120.251.192:80

Targets

    • Target

      c04433797667c205da21d0b783bdbbbd6ba3ca3d62f43f6e7e911ccdf09007cb

    • Size

      390KB

    • MD5

      562daf0dafe1eeed0d7b541d39136156

    • SHA1

      3b432a2b66cd8eb3837d7547ea3eb287f2b26574

    • SHA256

      c04433797667c205da21d0b783bdbbbd6ba3ca3d62f43f6e7e911ccdf09007cb

    • SHA512

      62abb8de0a46f320161e393560748ffa6ed3f89fa342dbc41e429ae67c5c1248b7facc1e26e203a61131d84eda03de2612bc1f719a0525cbba03e37abac007ba

    • SSDEEP

      6144:WlztA+MRDqoqLgblVk9hXWADQk8kVh6OV5dVvQ7ceWJdpp00xsu:Wl++MRDsKlahPDQEVpvwWJ5fxsu

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks