MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FickerStealer


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a
SHA3-384 hash: d1117f71a1ba12972c4e314860afe640ce02bb773d625c53b2526f34724bf2bc7230f575ffe58b0707f734386f3d19d3
SHA1 hash: e118cb1aba2cee02f316aab9ce4f830ed3c3104c
MD5 hash: dc6d0ba607d87f22734dca4a6fd938f8
humanhash: triple-solar-earth-summer
File name:update.exe
Download: download sample
Signature FickerStealer
Create hunting rule
File size:342'030 bytes
First seen:2020-11-02 23:14:01 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 981eff196fcc5725b4b64cc55570c97a (1 x FickerStealer)
ssdeep 6144:BtGAF5w+7Gjcu7Z6ZlEOO9sxwurxWWvdZ1CxuxV3ow00:Bjw8GQu7YlEOSawukWVZ1jYK
Threatray 8 similar samples on MalwareBazaar
TLSH 0D74D010B790F432C05608315875F6F4357ABC616AB489477BD8EF6B2E322D1DAB638E
Reporter r3dbU7z
Tags:FickerStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/81900/
Detection(s):
SecuriteInfo.com.BackDoor.Generic12.AOUE.3057.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
DNS request
Sending an HTTP GET request
Creating a file
Reading critical registry keys
Delayed reading of the file
Sending a UDP request
Sending a TCP request to an infection source
Stealing user critical data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/518681
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-11-02 23:15:07 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rdvmx4k234za4tklm7lkur6jlvug24spty5l4fjecz7ob7lgrnva._file
Verdict:
suspicious
Similar samples:
31799b95716aafede8ee3743c0a3976a4367f3e7ac946be7fab519a50b7dc067
FickerStealer
3b547e3bd5f3040c824ea497f265bf355483cce29c4e059d16e04fba20325498
FickerStealer
81476a0591455602ec96e76fd76d781dc2da872e3c1909b58bda58a1851f6099
FickerStealer
a456769302254d2e6609a7832d93937572b7b73cca217873d7f60678414645e0
FickerStealer
b3cfbb058c0ecbd7da7f5bdd740fa729f7b0d9cf61f93b32750ce06745abc24c
FickerStealer
c9b2ba6f4adb6aa4bb3c15e92d6b51eaaa5c1efa14ad774be125d4d47fae7fb4
FickerStealer
dc021a0ca0bb3f66d54d15d2b236422c0b90399ea762c7d7aa6d727b9bd5b46c
FickerStealer
dc7f971af6d534662501decd86d0cb8d58392149a0cf06a236f6aec2490808aa
FickerStealer
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware
Link:
https://tria.ge/reports/201102-pl5w2qgvtx/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a
MD5 hash:
dc6d0ba607d87f22734dca4a6fd938f8
SHA1 hash:
e118cb1aba2cee02f316aab9ce4f830ed3c3104c
Link:
https://www.unpac.me/results/ede90603-af32-46bb-833f-4008aafd6798/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FickerStealer

Executable exe 88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a

(this sample)

  
Link
https://analyze.intezer.com/#/files/88eacbf15adf320e4d4b67d6aa47c95d686d724f9e3abe1524167ee0fd668b6a
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/81900/

Comments