Overview

overview

10

Static

static

10

7b707d7788...f8.exe

windows7-x64

5

7b707d7788...f8.exe

windows10-2004-x64

5

7be6c0d38e...ce.exe

windows7-x64

10

7be6c0d38e...ce.exe

windows10-2004-x64

10

8e9d85ae52...28.exe

windows7-x64

3

8e9d85ae52...28.exe

windows10-2004-x64

3

a246c7a036...82.exe

windows7-x64

10

a246c7a036...82.exe

windows10-2004-x64

8

a8a9389353...c4.exe

windows7-x64

10

a8a9389353...c4.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2024 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8a9389353cbc3155ef587c59f6f2e250740cbad4c7bd1c6f3ff501652f593c4.exe

  • Size

    535KB

  • MD5

    24529921569a021456436d4088937002

  • SHA1

    e51ed743a9b4e639c44e9dd01879ed9861301374

  • SHA256

    a8a9389353cbc3155ef587c59f6f2e250740cbad4c7bd1c6f3ff501652f593c4

  • SHA512

    508aedf4215b944ce454c89134d19cc1bb51d3eebfada2c5a75cb53d271c5ac1cead074cd61c784eceb7ac8a70fbefb14ecf42e7635218ca85188da3348f6112

  • SSDEEP

    6144:TPMsDJ+WdooOjnbd77EfncL62UhKCx6jB3MW0rLAb56dpLN4XQKJrsu:TPM0JTKo8np8Pce2UhDx613MW0rwrsu

Score
10/10
fickerstealerdiscoveryinfostealer

Malware Config

Extracted

Family

fickerstealer

C2

80.87.192.115:80

Signatures

  • Fickerstealer

    Ficker is an infostealer written in Rust and ASM.

    infostealerfickerstealer
  • Fickerstealer family
    fickerstealer
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8a9389353cbc3155ef587c59f6f2e250740cbad4c7bd1c6f3ff501652f593c4.exe
    "C:\Users\Admin\AppData\Local\Temp\a8a9389353cbc3155ef587c59f6f2e250740cbad4c7bd1c6f3ff501652f593c4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Users\Admin\AppData\Local\Temp\a8a9389353cbc3155ef587c59f6f2e250740cbad4c7bd1c6f3ff501652f593c4.exe
      "C:\Users\Admin\AppData\Local\Temp\a8a9389353cbc3155ef587c59f6f2e250740cbad4c7bd1c6f3ff501652f593c4.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2684

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\kaosdma.txt
    Filesize

    14B

    MD5

    2c807857a435aa8554d595bd14ed35d1

    SHA1

    9003a73beceab3d1b1cd65614347c33117041a95

    SHA256

    3c4fae56f61b7cdf09709c2aaf65ca47d3bf9077b1e5eb0eb1e6c5c34923eb9b

    SHA512

    95c6fa9f5b342ef34d896f083700ee12d55723e24aff42805bac5c1aa73f07d0db4f9d435d31a61da187edc2336252dfb38529b3f2b1d2039aa2a8e65d64a7a9

    Download Submit

  • memory/2684-2-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-7-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2684-8-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2684-4-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2684-14-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2820-0-0x0000000000220000-0x0000000000247000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2820-1-0x0000000000300000-0x0000000000347000-memory.dmp

    Filesize

    284KB

    Download

  • memory/2820-5-0x0000000000220000-0x0000000000247000-memory.dmp

    Filesize

    156KB

    Download