Fickle Stealer Distributed via Multiple Attack Chain

June 20, 2024, 5:42 p.m.

Description

In May 2024, FortiGuard Labs observed a Rust-based stealer. In addition to its intricate code, the stealer is distributed using a variety of strategies and has a flexible way of choosing its target.

Date

  • Created: June 20, 2024, 5:36 p.m.
  • Published: June 20, 2024, 5:36 p.m.
  • Modified: June 20, 2024, 5:42 p.m.

Indicators


Attack Patterns

  • Fickle Stealer
  • T1548
  • T1113
  • T1070
  • T1036
  • T1140
  • T1059