MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0786b0ecb13a0fa33fb9269ce8a49ac1f986fcf4892b7b8c41edb73cba06482e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FickerStealer

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	0786b0ecb13a0fa33fb9269ce8a49ac1f986fcf4892b7b8c41edb73cba06482e
SHA3-384 hash:	7a1bffaf3a15c0d35bd973ae432750c09e3f496cedcc601672a23e9ce0ac95c8d3c2a59b6a5dd9e052457928bedc6a1a
SHA1 hash:	02d868a3294b481a4579fd02b8cfe786f1f2e7c4
MD5 hash:	c26a267ea63d570e00bce752c3984f1e
humanhash:	wyoming-comet-carpet-yellow
File name:	0786b0ecb13a0fa33fb9269ce8a49ac1f986fcf4892b7b8c41edb73cba06482e
Download:	download sample
Signature	FickerStealer Create hunting rule
File size:	282'840 bytes
First seen:	2020-11-17 08:21:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	cb664df5fa904736e15ac44ff006d780 (10 x FickerStealer)
ssdeep	6144:TsySS012KpxFYAa0tWnylUH+0nR6sPFCvH4C:VSSavfyyyVQ
Threatray	30 similar samples on MalwareBazaar
TLSH	D954390AFD428D64C876BA3124FFF235C6359A1C442B512BDFAF9E04EA6F3909E4D146
Reporter	JAMESWT_WT
Tags:	FickerStealer Fort LLC

Code Signing Certificate

Organisation:	AAA Certificate Services
Issuer:	AAA Certificate Services
Algorithm:	sha1WithRSAEncryption
Valid from:	Jan 1 00:00:00 2004 GMT
Valid to:	Dec 31 23:59:59 2028 GMT
Serial number:	01
Intelligence:	382 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:	This certificate is on the Cert Central blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	D7A7A0FB5D7E2731D771E9484EBCDEF71D5F0C3E0A2948782BC83EE0EA699EF4
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Trojan.Generic-6629274-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

DNS request

Sending an HTTP GET request

Creating a file

Reading critical registry keys

Delayed reading of the file

Sending a TCP request to an infection source

Stealing user critical data

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

phis.troj.spyw

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/539168

Signature

May check the online IP address of the machine

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Instant Messenger accounts or passwords

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0786b0ecb13a0fa33fb9269ce8a49ac1f986fcf4892b7b8c41edb73cba06482e/

Threat name:

Win32.Trojan.Udochka

Status:

Malicious

First seen:

2020-11-13 02:25:37 UTC

File Type:

PE (Exe)

AV detection:

22 of 29 (75.86%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=a6dlb3frhih2gp5ze2oorje2yh4yn7hurevxxdcb5w3tzoqgjaxa._file

Verdict:

unknown

FickerStealer

3c1b9541dbc076c9f22c1614de354abb24ea17f2452334d6d3b5ca12bd0eedb9

FickerStealer

3e1f7453aa2f3bc50b969bb46142a09ac3d68c01cec4fc3c0277fa124625d731

FickerStealer

7435af4d6932bb4ed3a26f1cd5ce81654c9b0fd25a9a4a6f7e821678df032168

FickerStealer

7d9779fbd1bf96300874dfb62e5756308807a2c16a83de2a3f2edab794215946

FickerStealer

9f34fa05d64045ba9833a00884d71bbbbdf4702b4417c15fc35c6308ea918a08

FickerStealer

ad7df9c3f3da564ae38fda8bfa0324a52ed98899696e763dae3bff7dad93262b

FickerStealer

c9b2ba6f4adb6aa4bb3c15e92d6b51eaaa5c1efa14ad774be125d4d47fae7fb4

FickerStealer

dc021a0ca0bb3f66d54d15d2b236422c0b90399ea762c7d7aa6d727b9bd5b46c

FickerStealer

efc9dc681fbad59d5fb6f1a66b433d6a7a7b7144444413d78f9d71dd184039ab

FickerStealer

+ 20 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery spyware

Link:

https://tria.ge/reports/201117-587y2qp2wj/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Looks up external IP address via web service

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

0786b0ecb13a0fa33fb9269ce8a49ac1f986fcf4892b7b8c41edb73cba06482e

MD5 hash:

c26a267ea63d570e00bce752c3984f1e

SHA1 hash:

02d868a3294b481a4579fd02b8cfe786f1f2e7c4

Link:

https://www.unpac.me/results/c3eab4aa-303a-4957-888e-6641ae4b0d69/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample