44caliber | c6181c98720e7976fdf7356503ae8ec501136ca26028796fee8e666813bd5e5d | Triage

Submit
Reports

Overview

overview

Static

static

c6181c9872...5d.exe

windows7_x64

c6181c9872...5d.exe

windows10-2004_x64

Sharing

General

Target

c6181c98720e7976fdf7356503ae8ec501136ca26028796fee8e666813bd5e5d.bin
Size

793KB
Sample

220301-wtyb4scfep
MD5

f559e77721d8cc5bd97e037c4b3472cc
SHA1

f6dda6d685285301e23fd51338d0977fb5e03a6e
SHA256

c6181c98720e7976fdf7356503ae8ec501136ca26028796fee8e666813bd5e5d
SHA512

64d6e8d0bc9862f9eab80d0fa95fdbb42eab44efed4a90abe1a6a0c8b1a308b5940d90740beb211dd6c375b8dd1fb1706a76f484ccf439cfc3bb2ae0aacb3dd9

Score

10^/10

44caliber evasion spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

c6181c98720e7976fdf7356503ae8ec501136ca26028796fee8e666813bd5e5d.exe

Resource

win7-20220223-en

44caliber evasion spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

c6181c98720e7976fdf7356503ae8ec501136ca26028796fee8e666813bd5e5d.exe

Resource

win10v2004-en-20220113

44caliber evasion spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/939927794656370699/MQUodH1jMxGoELXDI7vt3uVKvZAZN_FBkYRFlTiMVxHGCFnEzvPC7JNVH8-ESePeneQo

Targets

- Target
  
  c6181c98720e7976fdf7356503ae8ec501136ca26028796fee8e666813bd5e5d.bin
- Size
  
  793KB
- MD5
  
  f559e77721d8cc5bd97e037c4b3472cc
- SHA1
  
  f6dda6d685285301e23fd51338d0977fb5e03a6e
- SHA256
  
  c6181c98720e7976fdf7356503ae8ec501136ca26028796fee8e666813bd5e5d
- SHA512
  
  64d6e8d0bc9862f9eab80d0fa95fdbb42eab44efed4a90abe1a6a0c8b1a308b5940d90740beb211dd6c375b8dd1fb1706a76f484ccf439cfc3bb2ae0aacb3dd9
Score

10^/10

44caliber evasion spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

behavioral1

44caliberevasionspywarestealer

behavioral2

44caliberevasionspywarestealer

© 2018-2024

Terms | Privacy