General

  • Target

    9c31ea226cf3dcd210ebff9e46828170N.exe

  • Size

    377KB

  • Sample

    240905-l448asyfrf

  • MD5

    9c31ea226cf3dcd210ebff9e46828170

  • SHA1

    fff872ddebbbe45628bfc44416e1bf7d989163d6

  • SHA256

    fbff39937b838ac6f56ac14968e4e95d5a9ec566f5b2ca8585e14a5a0f91e3d8

  • SHA512

    3b8702c80125b3ef7320fd3e50aac1ebec64cd5a2f1cc3547dd9bc3ccfcee67c21e50c2529369704af49b9c37ec7be41d9734882eed7682124053e8b7000f05d

  • SSDEEP

    6144:P1mOdykKG1ntO5nl4R64yQ5Htn0z02dNx+bZ2okKkV4ri9v0IemQ7idv5TuZC2oY:9rydSntO5l4R+sexwbIokKkV4m9cIm8O

Malware Config

Extracted

Family

fickerstealer

C2

185.234.247.233:80

Targets

    • Target

      9c31ea226cf3dcd210ebff9e46828170N.exe

    • Size

      377KB

    • MD5

      9c31ea226cf3dcd210ebff9e46828170

    • SHA1

      fff872ddebbbe45628bfc44416e1bf7d989163d6

    • SHA256

      fbff39937b838ac6f56ac14968e4e95d5a9ec566f5b2ca8585e14a5a0f91e3d8

    • SHA512

      3b8702c80125b3ef7320fd3e50aac1ebec64cd5a2f1cc3547dd9bc3ccfcee67c21e50c2529369704af49b9c37ec7be41d9734882eed7682124053e8b7000f05d

    • SSDEEP

      6144:P1mOdykKG1ntO5nl4R64yQ5Htn0z02dNx+bZ2okKkV4ri9v0IemQ7idv5TuZC2oY:9rydSntO5l4R+sexwbIokKkV4m9cIm8O

    • Fickerstealer

      Ficker is an infostealer written in Rust and ASM.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks