44caliber | 943fbead0c78c80da198e3cb1dafadf34b0584c17dd9304d91f05f574c12c246 | Triage

Sharing

General

Target

Cheat installer.exe
Size

274KB
Sample

220304-v6lneafdh9
MD5

6649fec7c656c6ab0ae0a27daf3ebb8e
SHA1

e0dc4ad2ce0fc457f5979f41b0c4186756a7f40a
SHA256

943fbead0c78c80da198e3cb1dafadf34b0584c17dd9304d91f05f574c12c246
SHA512

ae13a1cd1e3a14798a8affa34a23f148706e8c12952a43d4b17dd2d9da0dbee6c5d29d1d77b6ef8d6b843ab852048f134431082a5342465da289f387644fcc0a

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/947181971019292714/gXE5T4ZQQF0yGOhuBSDhTkFXB0ut9ai71IZmOFvsdIaznalhyvQP0h45xCss-8W7KQCo

Targets

- Target
  
  Cheat installer.exe
- Size
  
  274KB
- MD5
  
  6649fec7c656c6ab0ae0a27daf3ebb8e
- SHA1
  
  e0dc4ad2ce0fc457f5979f41b0c4186756a7f40a
- SHA256
  
  943fbead0c78c80da198e3cb1dafadf34b0584c17dd9304d91f05f574c12c246
- SHA512
  
  ae13a1cd1e3a14798a8affa34a23f148706e8c12952a43d4b17dd2d9da0dbee6c5d29d1d77b6ef8d6b843ab852048f134431082a5342465da289f387644fcc0a
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer