44caliber | 3c8acfa90eed5ab18fd669bea9d494d9fb96f964d9040ee03ff9889dbaada294 | Triage

Submit
Reports

Overview

overview

Static

static

ExternalRun.exe

windows7_x64

ExternalRun.exe

windows10-2004_x64

Resubmissions

11-03-2022 15:30

220311-sxykhadbbp 10

09-03-2022 20:56

220309-zq4lhabga6 10

Sharing

General

Target

ExternalRun.exe
Size

274KB
Sample

220311-sxykhadbbp
MD5

63525b6ba838d80f0eb16a666ff30de2
SHA1

b11d70bf65b2b82df2c4aa46ac9dfce3c308b568
SHA256

3c8acfa90eed5ab18fd669bea9d494d9fb96f964d9040ee03ff9889dbaada294
SHA512

0709a2bb5d23ede0347e684a6512f0c282de68e3e7f1800ea1544e2f737cd77333bb0a496f6a0489d32df60e7d37760225e1fcac8d9905ae1b84d3de8ee348eb

Score

10^/10

44caliber discordurls spyware stealer trojan

Static task

static1

trojan stealer discordurls 44caliber

Behavioral task

behavioral1

Sample

ExternalRun.exe

Resource

win7-20220311-en

44caliber discordurls spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ExternalRun.exe

Resource

win10v2004-20220310-en

44caliber discordurls spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/947512216133980311/ImHpeYlo_A0Yhi0saM66pMBO7iLHhGK_k5MBohq8Jg4tn4gMe7dTpw1qEItYNQR_c9kp

Targets

- Target
  
  ExternalRun.exe
- Size
  
  274KB
- MD5
  
  63525b6ba838d80f0eb16a666ff30de2
- SHA1
  
  b11d70bf65b2b82df2c4aa46ac9dfce3c308b568
- SHA256
  
  3c8acfa90eed5ab18fd669bea9d494d9fb96f964d9040ee03ff9889dbaada294
- SHA512
  
  0709a2bb5d23ede0347e684a6512f0c282de68e3e7f1800ea1544e2f737cd77333bb0a496f6a0489d32df60e7d37760225e1fcac8d9905ae1b84d3de8ee348eb
Score

10^/10

44caliber discordurls spyware stealer trojan
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- DiscordWebhook
  Detect_Webhooks.
  trojan stealer
- Detects executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

trojanstealerdiscordurls44caliber

behavioral1

44caliberdiscordurlsspywarestealertrojan

behavioral2

44caliberdiscordurlsspywarestealertrojan

© 2018-2024

Terms | Privacy