44caliber | b54c282da9fa8cc50db1db517ecf34f47f56a5053d4c161eb44bcff8463358da | Triage

Sharing

General

Target

b54c282da9fa8cc50db1db517ecf34f47f56a5053d4c161eb44bcff8463358da
Size

3.1MB
Sample

220314-w1jgjachen
MD5

6578d9be5fb4897f662fb0d03483e180
SHA1

777d1e20cf2a663645dc2ddaba6c55b3bd6d1061
SHA256

b54c282da9fa8cc50db1db517ecf34f47f56a5053d4c161eb44bcff8463358da
SHA512

853d2d4bfb5314449ad2261fd03babd65660ef005d83736ed3e98ea9f7e7b24a47050bd93c26839a67bf50916890893ef113c4087ebb63e9605f82970e18e681

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/847554055823032344/s6_moo6eA2oloMQ3eCj7PZLl-oLloTBhcmvx-NIpGmanUeVMkMDi8R_Yywnb-HptWupH

Targets

- Target
  
  b54c282da9fa8cc50db1db517ecf34f47f56a5053d4c161eb44bcff8463358da
- Size
  
  3.1MB
- MD5
  
  6578d9be5fb4897f662fb0d03483e180
- SHA1
  
  777d1e20cf2a663645dc2ddaba6c55b3bd6d1061
- SHA256
  
  b54c282da9fa8cc50db1db517ecf34f47f56a5053d4c161eb44bcff8463358da
- SHA512
  
  853d2d4bfb5314449ad2261fd03babd65660ef005d83736ed3e98ea9f7e7b24a47050bd93c26839a67bf50916890893ef113c4087ebb63e9605f82970e18e681
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer