General

  • Target

    Neon.rar

  • Size

    2.3MB

  • Sample

    220314-rp8j3aadbk

  • MD5

    6bbd9443b21588a492e636ff3ffae9a1

  • SHA1

    97e6de76715c3448c5bc5b7bf60796726e50239e

  • SHA256

    58c9fcd2f426847639c5dc1ff65943c2d12285cbe02297f551038f82c0fec303

  • SHA512

    e472bc8ea4558e18ef056af5c187d9d0655d22326b6a5b95f8c1651fcd54f2bae517c7fc858cac2c23a319d91c15cd08b61e1342dba490b63786d1ce521c2c5c

Malware Config (extracted)

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/952308393677291551/Kwqtw7eOhhDiE0L0w2X3Hwo9TDPq265Rqw2_8lcfVw_arvjLeTNzn4AG-J-I4NctgVFh

Targets

All 16 executables extracted from Neon.rar are identical (same size and the same MD5/SHA1/SHA256/SHA512) and trigger the same signatures, so the shared details are listed once below the file names.

    • Target

      Neon — копия (16).exe
      Neon — копия (17).exe
      Neon — копия (18).exe
      Neon — копия (19).exe
      Neon — копия (2).exe
      Neon — копия (20).exe
      Neon — копия (21).exe
      Neon — копия (22).exe
      Neon — копия (3).exe
      Neon — копия (4).exe
      Neon — копия (5).exe
      Neon — копия (6).exe
      Neon — копия (7).exe
      Neon — копия (8).exe
      Neon — копия (9).exe
      Neon — копия.exe

    • Size

      274KB

    • MD5

      6d9153402403207366b080ff8154fe03

    • SHA1

      69c7ed7b664cecd5a721677588f0904d381a4a49

    • SHA256

      d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731

    • SHA512

      1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952

    • 44Caliber

      An open source infostealer written in C#.

    • Discord URLs

      Detected a Discord URL in the executable, as observed in first-stage droppers.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    T1081 Credentials in Files (32)

  • Discovery

    T1012 Query Registry (16)
    T1082 System Information Discovery (16)

  • Collection

    T1005 Data from Local System (32)

Tasks

  • static1: discordurls, 44caliber (score 10/10)
  • behavioral1: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral2: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral3: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral4: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral5: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral6: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral7: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral8: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral9: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral10: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral11: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral12: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral13: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral14: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral15: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral16: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral17: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral18: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral19: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral20: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral21: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral22: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral23: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral24: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral25: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral26: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral27: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral28: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral29: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral30: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral31: 44caliber, discordurls, spyware, stealer (score 10/10)
  • behavioral32: 44caliber, discordurls, spyware, stealer (score 10/10)