44caliber | ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22 | Triage

Submit
Reports

Overview

overview

Static

static

ca9d5e8d1c...22.exe

windows7_x64

ca9d5e8d1c...22.exe

windows10-2004_x64

Sharing

General

Target

ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22.bin
Size

2.2MB
Sample

220301-wt6cqacfer
MD5

afc947b8654fcfbb2d103b0ac29f6c9e
SHA1

0f09a1b78ed6f12d767aad515516637cb0b2b0cc
SHA256

ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22
SHA512

63bb86c6766f6c34e26d68c73b8d526ca94334375c3986ab81587515c7ac07dac1e12b1c2ab3be9a48e9fbb7009e35bd18d3285974fbb47db5cf1544236e3f3c

Score

10^/10

44caliber spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22.exe

Resource

win7-en-20211208

44caliber spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22.exe

Resource

win10v2004-en-20220113

44caliber spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/839168546582954067/texAC9z_H7M0ROD6-MdvYy3D-z8YyP9fYGPhFfDYeop5TtilvsKNxw5QrTXStp-JwQ9R

Targets

- Target
  
  ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22.bin
- Size
  
  2.2MB
- MD5
  
  afc947b8654fcfbb2d103b0ac29f6c9e
- SHA1
  
  0f09a1b78ed6f12d767aad515516637cb0b2b0cc
- SHA256
  
  ca9d5e8d1c89d2d5e17e8012fa40e590f1628c5aa473a489076d488aecc05b22
- SHA512
  
  63bb86c6766f6c34e26d68c73b8d526ca94334375c3986ab81587515c7ac07dac1e12b1c2ab3be9a48e9fbb7009e35bd18d3285974fbb47db5cf1544236e3f3c
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer

© 2018-2024

Terms | Privacy