fickerstealer | 4ca44bdbb7bf314ea7b4635adf0c514f9640888fa36f88da480f8c849a603994

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2025, 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hajdfjadf.exe
Size

421KB
MD5

107f4a58dc56c803088abb23d29b279c
SHA1

a5c6d9600c54e5d02d92ed442e4c8c196a94227b
SHA256

efc00db9c76fdbe84af2407b4cc94bbafaa06212176241606db3d11380f22738
SHA512

0dae540a4c97d2165c608f8ae9c784dca684bc83b82b67e3a3c0387f2858cd469d1437e7d11e822ddb9e2973c4cb45a9e75d3f6f41be00bd87b0edfcb2a45aec
SSDEEP

6144:oUVt8kFl+t/zuRqQHvYRg8alf92A+0cH6ePs//YohtnyvGW0rLAbx6dpLN4XQKJ3:ooFlOarUalF2Jizny+W0rS3

Score

10^/10

fickerstealer discovery infostealer

Malware Config

Extracted

Family

fickerstealer

otsoebabe.com:80

Signatures

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer
Fickerstealer family
fickerstealer

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	api.ipify.org

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hajdfjadf.exe

C:\Users\Admin\AppData\Local\Temp\hajdfjadf.exe
"C:\Users\Admin\AppData\Local\Temp\hajdfjadf.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\kaosdma.txt

Filesize
14B

MD5
e3eb2b4cff0d56624daa49116976aeb4

SHA1
234db53081db6fc733d22a896f6dac5068eb066a

SHA256
3b9efd080931e6b2d3b89e8dcd2655792329a41c4699ffade4b48288bfdb0ffd

SHA512
ab0ce3a7301fe64594408380f5d55c8ebf24b0c94527fd2b29ff83bb2a10ab57be5a9de4ef56f532b0002e921c74cae14db0cc0f86d79e49d9d14f073d65d12d

Download Submit
memory/4404-5-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download