Resubmissions

07-10-2024 20:45

241007-zjry5axama 10

07-10-2024 20:33

241007-zbw8wasgmn 10

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    07-10-2024 20:45

General

  • Target

    f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe

  • Size

    5.6MB

  • MD5

    3d174a94e83b2a59d05c68eaa7aa761f

  • SHA1

    fabf2977736c850f3e40cf92731e171395b7a346

  • SHA256

    f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a

  • SHA512

    976f21560adb97c8c0083040d1d01120e20a86168ec2ff47efdf8f6f7718d97d94068d32014d8f4e87153d851908fcc956dd066b694cf02b0f8d6d8e368a6dc3

  • SSDEEP

    12288:jO+SiBMdiBnf34FjalriBLHE45xu4XF5wfhonyueie2L7Ax+2bw8jUEJB7Njk9En:KmVfqalritE4NV5wf8euA3wmXNjsE+

Malware Config

Extracted

Family

fickerstealer

C2

85.17.190.28:80

Signatures

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe
    "C:\Users\Admin\AppData\Local\Temp\f9abb9d06c184267a2663080a74cef9b30840afe7062882668ba2bca3d329c2a.exe"
    • System Location Discovery: System Language Discovery
    PID:2564

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\kaosdma.txt

    Filesize

    13B

    MD5

    17bcf11dc5f1fa6c48a1a856a72f1119

    SHA1

    873ec0cbd312762df3510b8cccf260dc0a23d709

    SHA256

    a7bf504871a46343c2feab9d923e01b9dca4e980b2e122ad55fd4dbb3f6c16d9

    SHA512

    9c12db4c6a105e767ff27048d2f8f19de5c9721ce6503dbb497aedcc1fc8b910a6fa43ec987fecd26794aff7440cb984744698fec5741dd73400a299dc3b2a25

  • memory/2564-5-0x0000000000400000-0x00000000005E2000-memory.dmp

    Filesize

    1.9MB