Fickle Stealer Distributed via Multiple Attack Chain
June 20, 2024, 5:42 p.m.
Tags
External References
Description
In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed using a variety of strategies and has a flexible way of choosing its target.
Date
Published: June 20, 2024, 5:36 p.m.
Created: June 20, 2024, 5:36 p.m.
Modified: June 20, 2024, 5:42 p.m.
Indicators
9f7591c9d9bc66029e6a341a4fb8828361fc14b1918f9e35506c608359fa1eec
93db0d88966519e76db4995a3b67ca548e4aa9675806295a790eedf585e0aa2f
f080d7803ce1a1b9dc72da6ddf0dd17e23eb8227c497f09aa7dfd6f3b5be3a66
b57caa40f680d468bbf811e798ef9881d6158fb3462dd9bedb4658d17aed44a5
26fa0ccc5c7b7733ee6ffc2c70edef067b6764387ef1b16cb8005f28c34a3d84
effb85aaef61cd8918d66513da1573365be2743ec263be4029a6b827e3ecc1c6
e394f96ee040508063606343b1ad2158e266dcbd8beb3ba4a23936d1957e5ad6
978400108aa16e464b1fbc300bc270bc89193e3c3890d5e9373b3034b592b4da
09b47fd0e1fcab827d1a723f9db7e402502ec91e57b7217ed85094abd98bc637
bfe2d817e20ecff45cc92b7b8f4e1cd0482b48a769940402eaa5b31cbfb9b908
b7bdb0cc90b11c4738c2af218a1a53e4c65b6c91c6067c224164b8fcfc3eed8c
f878a88b7dda1155fe939abe0500e32d5fba34569ca933bccb5603d9e0e96cc0
9ce52929765433ff8bf905764d7b83c4c3fcbefb4f12eabcf16ee3dddcd3759d
a641d10798be5224c8c32dfaab0dd353cd7bb06a2d57d9630e13fb1975d03a53
e9bc44cf548a70e7285499209973faf44b7374dece1413dfcdc03bf25a6c599c
5f24168581cdaef32e60a62ba7123917bbe65f2f8410d759f345587eb406be40
62ff72aa8a8c5bccdf6c789952ee054a0d0d479e417fa20ea73a936e17bdf043
70363b97f955e5d30fb8d3a8d2a439303f88707420c05f051f87e0458fdfffc2
bf8b8f964d1c67aee82ad01528423077ef5e6c65de6d95e446c9343868849350
4602d8f9e2150744e89958d813354696abe6800ee55ef70c48db3134e964a13a
b05736874d383ed2e8dcc9d392f2c04e0fd545b8880620499d720c44adb18822
46caee016da4b460f7c242e19a88e8dc7544ded7d2528b0b9e918a7be64b5ceb
0494077ac65aa278680002f3b73c61c8896303668c62139a9db5a042923fd0ce
47e4142fa6ab10a2d7dc0423d41f9bdbb3ced0f4fae5c58b673386d11dd8c973
7b9e09227b036428a41dd46b6d6e354bb0c3822ce201c1a14d083116916e078d
a04677fe4ba06b66f698e4969b749174d30477283d97b5eaee16ffeb305d9c0a
24e44d000a61de06b63b532ef237d9f41aa897f4d9f46f8abaf9e654074a65af
94ee2227696da3049ff67592834b4b6f98186f91e6d1cd1eeec44f24b9df754b
f71069aed94e4b13d70bd9ee7b2a8fc8580c4339aa9ba9d8baf15abf95d6f673
20e1d7af698e3e2f5092815be1a0415019511da99550fdcc050741f4b47551fa
346e18b7ce2e3c3c5412dacdc8034a7566dee12ea0aafc6b82f196dcba2453f8
d55611fce7fcdd6b49066b194196577ee12bffa98400b724d013fc3a1e254f34
4d78793719d14f92f5bb9ecc7c2fa9e51c1bf332de26aa7746f35d7e42362db8
679e9ba645e17cceeff14be7f5f7dff8582d68eba5712c5928a092e1eec55c84
d9dcae235891f206d1baabfcbd79cb80337b5e462adef9516b94efc696b596b7
5fbd700bd77d3f632ba6ce148281c74a20391a40c7984f108f63a20dc442f8d6
011992cfa6abaeb71d0bb6fc05f1b5623b5e710c8c711bca961bf99d0e4cae38
97e5ac8642f413ba4b272d3cb74cba3e890b7a3f7a7935e6ca58944dbb9bfe54
c6c6304fea3fd6f906e45544b2e5119c24cda295142ed9fafd2ec320f5ff41cc
7034d351ce835d4905064d2b3f14adb605374a4a6885c23390db9eddd42add86
8d3ccfafc39830ee2325170e60a44eca4a24c9c4dd682a84fa60c961a0712316
3ad1c2273ee77845117c0f7f55bf0050b0bcea52851d410520a694252b7bb187
2236ffcf2856d5c9c2dedf180654cf318596614be450f6b24621dc13d7370dbf
6f9f65c2a568ca65326b966bcf8d5b7bfb5d8ddea7c258f58b013bc5e079308b
48e2b9a7b8027bd03ceb611bbfe48a8a09ec6657dd5f2385fc7a75849bb14db1
9ffc6a74b88b66dd269d006dec91b8b53d51afd516fe2326c6f9e3ed81d860ae
8e87ab1bb9870de9de4a7b409ec9baf8cae11deec49a8b7a5f73d0f34bea7e6f
ad57cc0508d3550caa65fcb9ee349c4578610970c57a26b7a07a8be4c8b9bed9
1b48ee91e58f319a27f29d4f3bb62e62cac34779ddc3b95a0127e67f2e141e59
138.124.184.210
185.213.208.245
144.208.127.230
https://github.com/SkorikJR
Attack Patterns
Fickle Stealer
T1548
T1113
T1070
T1036
T1140
T1059