MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0d154ce286108dd1484845cabd99348f38b99b8f7dd64d8bfa9547a82a8bebf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


FickerStealer


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f0d154ce286108dd1484845cabd99348f38b99b8f7dd64d8bfa9547a82a8bebf
SHA3-384 hash: c86b9671b5f3077f077a7057ecdbc3cda4926b563f7b62e2fe3cf55fa627d30008bcc44605a72195434c28b3bff6f47d
SHA1 hash: d871f977fa6138a7d3fd4e9b4facbef2595430e4
MD5 hash: 36d94d32991f89194ee327f90f58986c
humanhash: coffee-triple-south-beer
File name:36d94d32991f89194ee327f90f58986c
Download: download sample
Signature FickerStealer
Create hunting rule
File size:759'296 bytes
First seen:2021-06-23 11:37:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1a648ebd2094332fd6fb5f72cf1c7971 (1 x FickerStealer, 1 x RaccoonStealer)
ssdeep 12288:/vYAHcql7tnD7MhXeQ+DceYODbQivepnpRMAEigVuRNuJYD7Hm0GhVHhrtRr:oscqzDQhX1ler8ivKpO9uRQJl3h5RH
Threatray 191 similar samples on MalwareBazaar
TLSH 7AF4BE36F3C08837D2B32938CD7A569444397AC829259C4A3EDE2B4C9F397857B72197
Reporter zbetcheckin
Tags:32 exe FickerStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
36d94d32991f89194ee327f90f58986c
Verdict:
Malicious activity
Analysis date:
2021-06-23 11:39:22 UTC
Tags:
evasion trojan ficker stealer
Link:
https://app.any.run/tasks/49562162-46a6-405f-865a-513062e96fbf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Ficker
Create hunting rule
Link:
https://www.capesandbox.com/analysis/167790/
Detection(s):
SecuriteInfo.com.Adware.Generic4.AANW.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
FickerStealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bb3c3bce-f988-4726-966b-47b79ee9a141
Result
Threat name:
Ficker Stealer
Create hunting rule
Detection:
malicious
Classification:
phis.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/806533
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Yara detected Ficker Stealer
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f0d154ce286108dd1484845cabd99348f38b99b8f7dd64d8bfa9547a82a8bebf/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-06-23 11:38:12 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0786b0ecb13a0fa33fb9269ce8a49ac1f986fcf4892b7b8c41edb73cba06482e
FickerStealer
0decfc6bc9d5edf330d4bd96fe56d2350c3065305b2f99d70e3ffd6b2ae78308
FickerStealer
3d132b91ad83f720371df1bc4e5879fffe0e7bd24aafb374f9f3eeb752f7441f
FickerStealer
508453fada299cf0300c709a42a613a86f8f728fa5fae070f600e5fa2400d73d
FickerStealer
55c76c4160faaf104652eb6da27dda571da4c92a1d4be2e17885c7d0ff3bcbc8
FickerStealer
7d9779fbd1bf96300874dfb62e5756308807a2c16a83de2a3f2edab794215946
FickerStealer
94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1
FickerStealer
a6af404cb4c891c28895a5f311f6ead7c4007a5eb16b3be8c77630998a08895f
FickerStealer
ad7df9c3f3da564ae38fda8bfa0324a52ed98899696e763dae3bff7dad93262b
FickerStealer
efc9dc681fbad59d5fb6f1a66b433d6a7a7b7144444413d78f9d71dd184039ab
FickerStealer
+ 181 additional samples on MalwareBazaar
Result
Malware family:
fickerstealer
Create hunting rule
Score:
  10/10
Tags:
family:fickerstealer discovery infostealer spyware stealer
Link:
https://tria.ge/reports/210623-ce3kdt68h2/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Reads local data of messenger clients
Reads user/profile data of web browsers
fickerstealer
Malware Config
C2 Extraction:
185.215.113.94:80
Unpacked files
SH256 hash:
f0d154ce286108dd1484845cabd99348f38b99b8f7dd64d8bfa9547a82a8bebf
MD5 hash:
36d94d32991f89194ee327f90f58986c
SHA1 hash:
d871f977fa6138a7d3fd4e9b4facbef2595430e4
Link:
https://www.unpac.me/results/12f65836-f0ee-4bd5-9109-438098e5d742/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f0d154ce286108dd1484845cabd99348f38b99b8f7dd64d8bfa9547a82a8bebf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

FickerStealer

Executable exe f0d154ce286108dd1484845cabd99348f38b99b8f7dd64d8bfa9547a82a8bebf

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1372392/
Cape
Cape
https://www.capesandbox.com/analysis/167790/

Comments