General
-
Target
af48f5f3dad69a667accecd6c9c12f86
-
Size
603KB
-
Sample
240229-x4rsraaf66
-
MD5
af48f5f3dad69a667accecd6c9c12f86
-
SHA1
6b55cca1dc73758b15d022b2cd816c641d25defa
-
SHA256
922c83f2e572dc573347826d66ea1d9fcd4e1b7ec3359713c20e1958af26e8b7
-
SHA512
75c4ab2813952d8c6abe565b23f79bd98ead16ff4c5810aba0e0b99b5f802d56e750e67a696a10339a641f4ae915f20702b587db4bdb7625213a1460155e4a51
-
SSDEEP
12288:7XfGdZgSFyfmjyNywcnuqj07lzcMW0rwrsu:7vGf8mTwcnu1Jch3
Malware Config
Extracted
fickerstealer
80.87.192.115:80
Targets
-
-
Target
af48f5f3dad69a667accecd6c9c12f86
-
Size
603KB
-
MD5
af48f5f3dad69a667accecd6c9c12f86
-
SHA1
6b55cca1dc73758b15d022b2cd816c641d25defa
-
SHA256
922c83f2e572dc573347826d66ea1d9fcd4e1b7ec3359713c20e1958af26e8b7
-
SHA512
75c4ab2813952d8c6abe565b23f79bd98ead16ff4c5810aba0e0b99b5f802d56e750e67a696a10339a641f4ae915f20702b587db4bdb7625213a1460155e4a51
-
SSDEEP
12288:7XfGdZgSFyfmjyNywcnuqj07lzcMW0rwrsu:7vGf8mTwcnu1Jch3
Score10/10-
Fickerstealer
Ficker is an infostealer written in Rust and ASM.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-