MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe8717b83983c429b505312867e926d5a9aa659fb049168bc67791b00a8da205. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FickerStealer
Vendor detections: 7

SHA256 hash: fe8717b83983c429b505312867e926d5a9aa659fb049168bc67791b00a8da205
SHA3-384 hash: bee39a0e5b680152b8ac03f9b3810e55e646bf288ebec35869622bdb4602fe124eb2e4a220cc83e0b2cfbbee6fba422e
SHA1 hash: 17ae84dbfbf49a6b31140fc85c516e02851318a6
MD5 hash: 2ae0267c2552cb508ccada9059902415
humanhash: maine-steak-nitrogen-pizza
File name: 2AE0267C2552CB508CCADA9059902415.exe
Download: download sample
Signature: FickerStealer
File size: 3'319'762 bytes
First seen: 2021-04-20 21:30:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash ced282d9b261d1462772017fe2f6972b (127 x Formbook, 113 x GuLoader, 70 x RemcosRAT)
ssdeep 98304:H9xbO7N4hxtb/Pjat/o1ykrry3i6w0gjS:dxqotbut/o4kvyy61/
TLSH A4E5227B2342DEF9D44A203495911F1EB6862DAC57F84E04E1EF36EFD6395CAC3A8211
Reporter abuse_ch
Tags:exe FickerStealer
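Before spending analysis time on a downloaded sample, confirm it is the file this entry describes. The following is an added example, not MalwareBazaar's code, that recomputes the four cryptographic hashes listed above with Python's hashlib and reports every digest (and the file size) that disagrees with the entry. The stand-in bytes in the demo are constructed and will not match; the real sample has to come from the entry's download link. imphash, ssdeep and TLSH need third-party libraries and are not covered here.

```python
import hashlib
from typing import Dict, Optional

# Hashes copied from this MalwareBazaar entry, lower-cased for comparison.
ENTRY_HASHES: Dict[str, str] = {
    "sha256": "fe8717b83983c429b505312867e926d5a9aa659fb049168bc67791b00a8da205",
    "sha3_384": "bee39a0e5b680152b8ac03f9b3810e55e646bf288ebec35869622bdb4602fe124eb2e4a220cc83e0b2cfbbee6fba422e",
    "sha1": "17ae84dbfbf49a6b31140fc85c516e02851318a6",
    "md5": "2ae0267c2552cb508ccada9059902415",
}
ENTRY_SIZE = 3319762  # "File size: 3'319'762 bytes" on the entry


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Hex digests for the four algorithms MalwareBazaar lists, keyed by hashlib name."""
    return {name: hashlib.new(name, data).hexdigest() for name in ENTRY_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashes so a multi-megabyte sample is not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ENTRY_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, expected: Dict[str, str], size: Optional[int] = None) -> Dict[str, str]:
    """Compare computed digests with the entry's values.

    Returns {algorithm: computed_value} for every mismatch; an empty dict means the bytes
    agree with the entry on every listed hash (and on size, when given). Digests are compared
    case-insensitively because the entry prints the MD5 upper-case in the file name but
    lower-case in the hash field.
    """
    actual = compute_hashes(data)
    mismatches = {name: actual[name] for name, want in expected.items() if actual[name] != want.lower()}
    if size is not None and len(data) != size:
        mismatches["size"] = str(len(data))
    return mismatches


if __name__ == "__main__":
    # Constructed stand-in bytes; they are not the sample and will fail every check.
    stand_in = b"MZ\x90\x00not the real sample"
    bad = verify_sample(stand_in, ENTRY_HASHES, ENTRY_SIZE)
    if not bad:
        print("bytes match the MalwareBazaar entry")
    for algo, got in sorted(bad.items()):
        want = ENTRY_SIZE if algo == "size" else ENTRY_HASHES[algo]
        print(f"{algo}: got {got}, entry lists {want}")
```

Replace the stand-in with `hash_file("<downloaded sample>")` and compare the returned dict against `ENTRY_HASHES` before the file goes anywhere near a sandbox; a single mismatching digest means you are looking at a different artifact than the one the vendor verdicts below refer to.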


abuse_ch
FickerStealer C2: 45.93.201.181:80

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC                 ThreatFox Reference
45.93.201.181:80    https://threatfox.abuse.ch/ioc/9314/
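The C2 above is the one network indicator on this entry that can be hunted for in egress telemetry. The following is an added example, not from MalwareBazaar or ThreatFox, that loads IOCs in the ip:port form the table uses and matches them against connection records. The record layout (ts src_ip src_port dst_ip dst_port proto, whitespace-separated) and the log lines themselves are constructed for the demo and do not correspond to any real product's format; the benign destination uses a TEST-NET-2 address.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple

# IOC from this entry, in the ip:port form MalwareBazaar/ThreatFox publish.
ENTRY_IOCS = ["45.93.201.181:80"]

# Constructed connection records for the demo (not real telemetry):
# timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
2021-04-20T21:31:02Z 10.0.0.15 49812 45.93.201.181 80 tcp
2021-04-20T21:31:05Z 10.0.0.15 49813 198.51.100.7 443 tcp
2021-04-20T21:31:09Z 10.0.0.22 51000 45.93.201.181 8080 tcp
malformed line here
2021-04-20T21:32:40Z 10.0.0.15 49820 45.93.201.181 80 tcp
""".splitlines()


def parse_ioc(ioc: str) -> Tuple[str, Optional[int]]:
    """Split 'ip:port' (or a bare 'ip') into a validated IPv4 address and an optional port."""
    host, sep, port = ioc.rpartition(":")
    if not sep:  # no colon at all: bare address
        host, port = ioc, ""
    addr = str(ipaddress.ip_address(host.strip()))  # raises ValueError on junk input
    return addr, (int(port) if port else None)


def parse_conn(line: str) -> Optional[Dict[str, object]]:
    """Parse one record; return None for blank or malformed lines so one bad line does not abort the scan."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, sport, dst, dport, proto = parts
    try:
        return {
            "ts": ts,
            "src": str(ipaddress.ip_address(src)), "sport": int(sport),
            "dst": str(ipaddress.ip_address(dst)), "dport": int(dport),
            "proto": proto.lower(),
        }
    except ValueError:
        return None


def find_c2_hits(lines: Iterable[str], iocs: Iterable[str], match_port: bool = True) -> List[Dict[str, object]]:
    """Return records whose destination matches an IOC.

    match_port=True requires the port as well, i.e. the exact ThreatFox indicator.
    match_port=False flags any traffic to the address, which also catches a C2 that has
    moved ports, at the cost of more noise on shared hosting.
    """
    wanted = {parse_ioc(i) for i in iocs}
    wanted_ips = {ip for ip, _ in wanted}
    hits: List[Dict[str, object]] = []
    for line in lines:
        rec = parse_conn(line)
        if rec is None:
            continue
        dst, dport = rec["dst"], rec["dport"]
        if match_port:
            matched = (dst, dport) in wanted or (dst, None) in wanted
        else:
            matched = dst in wanted_ips
        if matched:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG, ENTRY_IOCS):
        print(f"{hit['ts']} {hit['src']}:{hit['sport']} -> {hit['dst']}:{hit['dport']} matches FickerStealer C2")
```

Point `find_c2_hits` at your own exported proxy or firewall logs once `parse_conn` is adapted to their column order; a hit on 45.93.201.181:80 from an internal host around the dates on this entry is a strong signal, while an IP-only match should be confirmed against the ThreatFox reference before it is escalated, since the port is part of the published indicator.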

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: ther_FFmpegLibrary.exe
Verdict: Malicious activity
Analysis date: 2021-04-18 09:34:29 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions taken during the session, not only the uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Creating a file
Creating a process from a recently created file
Sending a UDP request
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Reading critical registry keys
Delayed reading of the file
Replacing files
Launching a process
Launching a service
Stealing user critical data
Changing the Windows explorer settings
Setting a prohibition to launch some applications
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Woreflint
Status: Malicious
First seen: 2021-04-18 17:08:03 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 8/10
Tags: evasion spyware stealer
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Loads dropped DLL
Reads user/profile data of web browsers
Blocks application from running via registry modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



accidentalrebel commented on 2021-04-20 22:22:17 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.032] Anti-Behavioral Analysis::Timing/Delay Check GetTickCount
1) [C0032.001] Data Micro-objective::CRC32::Checksum
2) [C0026.002] Data Micro-objective::XOR::Encode Data
5) [C0045] File System Micro-objective::Copy File
6) [C0046] File System Micro-objective::Create Directory
7) [C0048] File System Micro-objective::Delete Directory
8) [C0047] File System Micro-objective::Delete File
9) [C0049] File System Micro-objective::Get File Attributes
10) [C0051] File System Micro-objective::Read File
11) [C0050] File System Micro-objective::Set File Attributes
12) [C0052] File System Micro-objective::Writes File
13) [E1510] Impact::Clipboard Modification
14) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
15) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
16) [C0036.002] Operating System Micro-objective::Delete Registry Key::Registry
17) [C0036.007] Operating System Micro-objective::Delete Registry Value::Registry
18) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
19) [C0036.005] Operating System Micro-objective::Query Registry Key::Registry
20) [C0036.006] Operating System Micro-objective::Query Registry Value::Registry
21) [C0036.001] Operating System Micro-objective::Set Registry Key::Registry
22) [C0017] Process Micro-objective::Create Process
23) [C0038] Process Micro-objective::Create Thread
24) [C0018] Process Micro-objective::Terminate Process