The message gz attachment contains an exe file: the malware itself. Stolen data is exfiltrated via FTP.
Malware Hunter JAMESWT Technical Analysis
Cybercrime, the FickerStealer campaign is back via DocuSign and Hancitor. The email xls attachment of the email, which also arrived in Italy, contains a dll with Chanitor, which downloads the final malware
New wave of the FickerStealer campaign, passing through Hancitor and a fake mail notification from DocuSign.
The email xls attachment contains a dll with Hancitor (alias Chanitor). This then downloads the final malware.
The goal of cybercrime is to steal sensitive data from victims. FickerStealer, in fact, is an info-stealer that targets PCs with Windows operating system, from version XP to 10.