MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FickerStealer

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3
SHA3-384 hash:	f1423737b274558d659ec84e2dc044e7b0f73a8fca49cb5bac52e7b0ce21bac8a053a9c3654bcf4e28fbafa2793d0200
SHA1 hash:	974c46a807d2d680dad5b6d63c38dd0e06e1ed68
MD5 hash:	1db6bd4d13cb9966e8875b3812aef71d
humanhash:	batman-maine-pizza-wolfram
File name:	1db6bd4d13cb9966e8875b3812aef71d.exe
Download:	download sample
Signature	FickerStealer Create hunting rule
File size:	272'910 bytes
First seen:	2020-11-05 15:12:17 UTC
Last seen:	2022-11-30 06:07:09 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	cb664df5fa904736e15ac44ff006d780 (10 x FickerStealer)
ssdeep	6144:RQp4Potn6r86+hePn9VCqqNlFozawUDO/XwOt60v9a+:ip4K4n1221D
Threatray	28 similar samples on MalwareBazaar
TLSH	1144284AFD4289A4C87ABA3124FFF235D6359A1C441B902BDFAF9F00EA6F3409D5D146
Reporter	abuse_ch
Tags:	exe FickerStealer

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/83288/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Siggen2.58564.1685.20684.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

DNS request

Sending an HTTP GET request

Creating a file

Sending a custom TCP request

Reading critical registry keys

Delayed reading of the file

Stealing user critical data

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

phis.troj.spyw

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/521644

Signature

Found many strings related to Crypto-Wallets (likely being stolen)

May check the online IP address of the machine

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Instant Messenger accounts or passwords

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3/

Threat name:

Win32.Ransomware.Zudochka

Status:

Malicious

First seen:

2020-11-04 17:05:10 UTC

File Type:

PE (Exe)

AV detection:

35 of 48 (72.92%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=tpn3rxpjvwn6rwjqhxyws7qtud4entfjlpe6ihkrhqpv6kt2g6zq._file

Verdict:

unknown

FickerStealer

7d9779fbd1bf96300874dfb62e5756308807a2c16a83de2a3f2edab794215946

FickerStealer

85467ed5f4ebf4fff082a35f3d97194f5e82d4e6d3712bb950874c665548018b

FickerStealer

86995c6af264f6f9eeb381bbe0578ba59b3134a38b57345910bf958a222abf3b

FickerStealer

9d8cb1204c8357152aec8acbf14092de7edd88189eaa6f9cfb8b9b8dbff001e8

FickerStealer

9f34fa05d64045ba9833a00884d71bbbbdf4702b4417c15fc35c6308ea918a08

FickerStealer

ad7df9c3f3da564ae38fda8bfa0324a52ed98899696e763dae3bff7dad93262b

FickerStealer

b1c680e9e56f42c48ca592fcd688500fb073ee3fdd8a36c584ab86cae9a225a0

FickerStealer

c9b2ba6f4adb6aa4bb3c15e92d6b51eaaa5c1efa14ad774be125d4d47fae7fb4

FickerStealer

efc9dc681fbad59d5fb6f1a66b433d6a7a7b7144444413d78f9d71dd184039ab

FickerStealer

+ 18 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery spyware

Link:

https://tria.ge/reports/201105-g5mxsc6gmn/

Behaviour

Checks processor information in registry

Suspicious behavior: EnumeratesProcesses

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Looks up external IP address via web service

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3

MD5 hash:

1db6bd4d13cb9966e8875b3812aef71d

SHA1 hash:

974c46a807d2d680dad5b6d63c38dd0e06e1ed68

Link:

https://www.unpac.me/results/983df2f4-3fc6-4135-bd1d-df75890f137c/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FickerStealer

exe 9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3

(this sample)

Cape

https://www.capesandbox.com/analysis/83288/

URLhaus

https://urlhaus.abuse.ch/url/788981/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/790093/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample