General

  • Target

    f4e2d60c89b54fb08cc1c076c24ddc32eb9c76edd755d0482393ece4ec7cc88c.bin

  • Size

    274KB

  • Sample

    220301-wvf48abah9

  • MD5

    12f3e4333d55b5d594b92ce287f07cba

  • SHA1

    cd61c5c8d69eae04e6664fc73de00b321cd6e0ad

  • SHA256

    f4e2d60c89b54fb08cc1c076c24ddc32eb9c76edd755d0482393ece4ec7cc88c

  • SHA512

    db636c9840e7848c42c848378bd67f7b709ec8ed23054e52b91c1a83a87016fd6aa13a88d2255d3f7513f339cd47caca9b7b3539164d0d5c0c8599862d7a6417

Malware Config

Extracted

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/944694495864324096/JxSzUctA9w9IsAKny1lOVf3Zmy8rRcGtIlJwQG2L-mP1ThdvUPHl6Hed3NdVLXwrPJ4m

Targets

    • Target

      f4e2d60c89b54fb08cc1c076c24ddc32eb9c76edd755d0482393ece4ec7cc88c.bin

    • Size

      274KB

    • MD5

      12f3e4333d55b5d594b92ce287f07cba

    • SHA1

      cd61c5c8d69eae04e6664fc73de00b321cd6e0ad

    • SHA256

      f4e2d60c89b54fb08cc1c076c24ddc32eb9c76edd755d0482393ece4ec7cc88c

    • SHA512

      db636c9840e7848c42c848378bd67f7b709ec8ed23054e52b91c1a83a87016fd6aa13a88d2255d3f7513f339cd47caca9b7b3539164d0d5c0c8599862d7a6417

    • 44Caliber

      An open-source infostealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2

Tasks