44caliber

Sharing

Copy URL

Twitter E-mail

General

Target

Neon.rar
Size

2.3MB
Sample

220314-rp8j3aadbk
MD5

6bbd9443b21588a492e636ff3ffae9a1
SHA1

97e6de76715c3448c5bc5b7bf60796726e50239e
SHA256

58c9fcd2f426847639c5dc1ff65943c2d12285cbe02297f551038f82c0fec303
SHA512

e472bc8ea4558e18ef056af5c187d9d0655d22326b6a5b95f8c1651fcd54f2bae517c7fc858cac2c23a319d91c15cd08b61e1342dba490b63786d1ce521c2c5c

Score

10^/10

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/952308393677291551/Kwqtw7eOhhDiE0L0w2X3Hwo9TDPq265Rqw2_8lcfVw_arvjLeTNzn4AG-J-I4NctgVFh

Targets

- Target
  
  Neon — копия (16).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Neon — копия (17).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  Neon — копия (18).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6
- Target
  
  Neon — копия (19).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8
- Target
  
  Neon — копия (2).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral9 behavioral10
- Target
  
  Neon — копия (20).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral11 behavioral12
- Target
  
  Neon — копия (21).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral13 behavioral14
- Target
  
  Neon — копия (22).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral15 behavioral16
- Target
  
  Neon — копия (3).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral17 behavioral18
- Target
  
  Neon — копия (4).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral19 behavioral20
- Target
  
  Neon — копия (5).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral21 behavioral22
- Target
  
  Neon — копия (6).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral23 behavioral24
- Target
  
  Neon — копия (7).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral25 behavioral26
- Target
  
  Neon — копия (8).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral27 behavioral28
- Target
  
  Neon — копия (9).exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral29 behavioral30
- Target
  
  Neon — копия.exe
- Size
  
  274KB
- MD5
  
  6d9153402403207366b080ff8154fe03
- SHA1
  
  69c7ed7b664cecd5a721677588f0904d381a4a49
- SHA256
  
  d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
- SHA512
  
  1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Detected executables Discord URL observed in first stage droppers

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service