Overview

overview

10

Static

static

10

63e0efb7ec...8e.exe

windows7_x64

10

63e0efb7ec...8e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    63e0efb7ec667e935cd34b2a76da22e48f816b5f98b3c14870b378f681f98c8e.zip

  • Size

    113KB

  • Sample

    220323-cwdkyaeaa9

  • MD5

    a70e971c2caafbe78b2140dbb81df299

  • SHA1

    5097540187689aa9621eae18b750c9e12bdde10e

  • SHA256

    7887903ccd5814fed9771191107018b53c41db9760007f3b6c1204c22f87db3c

  • SHA512

    3122a61ab8ee674274dc2d121cb67d79628dc98cb909bf22f8aa85ec11e128304a088d8ab714b9c39e474a4be30c017489dd91e98262bfaeabf5479764f90dcf

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/955224498146275348/pLxIEeiW2qrhrboJbcauxZQ0_RZDszpNNPmByT2Oic1imZEWt8KB4YmuUkeKx8HWKQuN

Targets

    • Target

      63e0efb7ec667e935cd34b2a76da22e48f816b5f98b3c14870b378f681f98c8e

    • Size

      274KB

    • MD5

      5aee3345a3ef18204fa6849a02275218

    • SHA1

      eaa6fde9136d6ad33230d5674d43b9b821f155ab

    • SHA256

      63e0efb7ec667e935cd34b2a76da22e48f816b5f98b3c14870b378f681f98c8e

    • SHA512

      d4406b0ca7e7755040620f3b37d7b84e8b2ded470f523a91022433b128a3fbd0e46cad962902e7f1d2ab25b8ac63f0d14201051824fe08fd76e0065f15401ea9

    Score
    10/10
    44caliberspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks