fickerstealer | f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a

Resubmissions

07-10-2024 20:45

241007-zjry5axama 10

07-10-2024 20:33

241007-zbw8wasgmn 10

Analysis

max time kernel
141s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-10-2024 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe
Size

5.6MB
MD5

3d174a94e83b2a59d05c68eaa7aa761f
SHA1

fabf2977736c850f3e40cf92731e171395b7a346
SHA256

f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a
SHA512

976f21560adb97c8c0083040d1d01120e20a86168ec2ff47efdf8f6f7718d97d94068d32014d8f4e87153d851908fcc956dd066b694cf02b0f8d6d8e368a6dc3
SSDEEP

12288:jO+SiBMdiBnf34FjalriBLHE45xu4XF5wfhonyueie2L7Ax+2bw8jUEJB7Njk9En:KmVfqalritE4NV5wf8euA3wmXNjsE+

Score

10^/10

fickerstealer discovery infostealer

Malware Config

Extracted

Family

fickerstealer

85.17.190.28:80

Signatures

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
3	api.ipify.org

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe

C:\Users\Admin\AppData\Local\Temp\f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe
"C:\Users\Admin\AppData\Local\Temp\f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\kaosdma.txt

Filesize
13B

MD5
17bcf11dc5f1fa6c48a1a856a72f1119

SHA1
873ec0cbd312762df3510b8cccf260dc0a23d709

SHA256
a7bf504871a46343c2feab9d923e01b9dca4e980b2e122ad55fd4dbb3f6c16d9

SHA512
9c12db4c6a105e767ff27048d2f8f19de5c9721ce6503dbb497aedcc1fc8b910a6fa43ec987fecd26794aff7440cb984744698fec5741dd73400a299dc3b2a25

Download Submit
memory/2200-5-0x0000000000400000-0x00000000005E2000-memory.dmp

Filesize
1.9MB

Download