General
-
Target
Neon.rar
-
Size
1.7MB
-
Sample
220314-rsgkraaddq
-
MD5
d1d0b10dfa62076f91e5cb8d668e714f
-
SHA1
22ddec9aeb22653b8bbef90076dd2d96c78a832d
-
SHA256
602f65959183b841ab694bba653d00844539c4be261c76c0cf78cb11b2dba90e
-
SHA512
1f3327e67ea1108d78951278c44f978ec84112a0d2c5502b8b083ae0e3fd19344075d9573c75e201793f5f6180fa89ae9904fe02d73d21117928c4c88dee7f3a
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/952308393677291551/Kwqtw7eOhhDiE0L0w2X3Hwo9TDPq265Rqw2_8lcfVw_arvjLeTNzn4AG-J-I4NctgVFh
Targets
-
-
Target
Neon — копия (10).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (11).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (12).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (13).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (14).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (15).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (16).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (2).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (3).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (4).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (5).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (6).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (7).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (8).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия (9).exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
Neon — копия.exe
-
Size
274KB
-
MD5
6d9153402403207366b080ff8154fe03
-
SHA1
69c7ed7b664cecd5a721677588f0904d381a4a49
-
SHA256
d7450131c835b2df9dcea263bf7f73d03238698a63b6a6fe9faa35ea59439731
-
SHA512
1e1704138ec5a8065afcedf78c3225a0ce2ee6c33459f52933c9b447eab18ae9eb457a6bf207b4afbfa7790af2788beee3f3b431cafcb2bc3a5a4f4ab224a952
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-