General

  • Target: view

  • Size: 87KB

  • Sample: 240816-dr36gawflr

  • MD5: 46c0c6964ceb25bb8387310ad164a5dc

  • SHA1: cd9304259e9707609dc193eb3b4625f713d59ed5

  • SHA256: e82b6dbff7c4257eefb6e78e4ded3a295de8f2e31a77e7fcc311af233ea3d52a

  • SHA512: 9dbb9098b61f832d8b793d4d04c3ff7dea7cb18c91757aef672e6564809481167bb49ef55546cd701686e6fb8b071c8cfa5fb007699f1d09d1ff77988c2b4334

  • SSDEEP: 1536:mbYhSxWHCT6NGmYFkL+q/A0opwCtH0YW5+1+fON:64cVkxA0QUrw

Malware Config

Extracted

  • Family: fickerstealer

  • C2: 45.93.201.181:80

Targets

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks