Everything is finally running. Switching to a modern OS really helped out. Setting everything up was way easier since I knew what I was doing and what I was looking for. My sample of Ficker stealer was also able to run in the new VM without issues; I reverted to a previous snapshot afterwards. Having a new VM set up and running in an isolated network got me wondering if any differences would show up in any static analysis. I didn’t find anything too different, but in the end I guess I expected that result. The biggest difference was that I could now properly run dynamic analysis on the malware. I ran a bit of dynamic analysis, mainly focused on finding where the malware was storing files before sending them out. I found that the malware didn’t actually write anything to memory; no files are written to a file or folder before being sent out. This means that all the stolen info is likely being sent out after it is captured, so I’ll have to change my approach on how to view these, likely using a packet sniffer if the fake network activity doesn’t trip anything in the malware. I was also disappointed that I couldn’t find a GUI for the malware, as PEiD said the malware was GUI based. I’ll be doing some more online research into the malware itself to see why that is; maybe I’ll find out some cool facts on it while I’m at it.