Summary | ZeroBOX

f7juhkryu4.exe

Ficker Stealer PE32 PE File
Category FILE
Machine s1_win7_x6402
Started June 17, 2021, 3:29 p.m.
Completed June 17, 2021, 3:32 p.m.
Size 266.5KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 270c3859591599642bd15167765246e3
SHA256 dee4bb7d46bbbec6c01dc41349cb8826b27be9a0dcf39816ca8bd6e0a39c2019
CRC32 D9D2C587
ssdeep 6144:Rxa4Hg2gf0jOrkOWnNwZvbMoq2T4qi+AHPHrr:JHg727Nwyo9Av/
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Ficker_Stealer_Zero - Ficker Stealer

IP Address Status Action
164.124.101.2 Active Moloch
172.217.25.14 Active Moloch
185.66.15.228 Active Moloch
23.21.245.0 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.102:49805 -> 23.21.245.0:80 2029622 ET POLICY External IP Lookup (ipify .org) Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

request GET http://api.ipify.org/?format=xml
domain api.ipify.org
section .rdata (virtual_address 0x00037000, virtual_size 0x00002da8, size_of_data 0x00002e00, entropy 6.918254569016699) description A section with a high entropy has been found
host 172.217.25.14
dead_host 185.66.15.228:80
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Doina.7190
FireEye Generic.mg.270c385959159964
CAT-QuickHeal Trojan.Zudochka
McAfee GenericRXMH-DA!270C38595915
Cylance Unsafe
Zillya Trojan.Agent.Win32.2176835
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0001555e1 )
Alibaba TrojanDownloader:Win32/Stealer.f09fb7e0
K7GW Trojan ( 0001555e1 )
Cybereason malicious.959159
Cyren W32/Agent.CFX.gen!Eldorado
ESET-NOD32 a variant of Win32/Agent.UKB
APEX Malicious
Avast Win32:TrojanX-gen [Trj]
ClamAV Win.Trojan.FickerStealer-9805476-1
Kaspersky HEUR:Trojan.Win32.Zudochka.vho
BitDefender Gen:Variant.Doina.7190
NANO-Antivirus Trojan.Win32.Ficker.iqqcxe
Paloalto generic.ml
AegisLab Trojan.Win32.Zudochka.4!c
Ad-Aware Gen:Variant.Doina.7190
Sophos Mal/Generic-S
Comodo Malware@#23yxbayqoakan
DrWeb Trojan.PWS.Stealer.29929
VIPRE Trojan.Win32.Generic!BT
TrendMicro TrojanSpy.Win32.FICKERSTEALER.SMTH.hp
McAfee-GW-Edition BehavesLike.Win32.Injector.dh
Emsisoft Trojan.Agent (A)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.PSW.Ficker.ej
eGambit Unsafe.AI_Score_97%
Avira TR/Agent.bjchm
Antiy-AVL Trojan/Generic.ASMalwS.3374A20
Kingsoft Win32.Troj.Undef.(kcloud)
Microsoft TrojanDownloader:Win32/Stealer.CK!MTB
Gridinsoft Trojan.Win32.Downloader.sa
ViRobot Trojan.Win32.Z.Zudochka.272910
GData Gen:Variant.Doina.7190
Cynet Malicious (score: 100)
AhnLab-V3 Infostealer/Win.FickerStealer.R352614
BitDefenderTheta Gen:NN.ZexaF.34738.qGX@aOESqXf
ALYac Trojan.PSW.Ficker
VBA32 BScope.Trojan.Zudochka
Malwarebytes Spyware.FickerStealer
TrendMicro-HouseCall TrojanSpy.Win32.FICKERSTEALER.SMTH.hp
Tencent Win32.Trojan.Zudochka.Hooq
MAX malware (ai score=100)
MaxSecure Trojan.Malware.300983.susgen