44caliber

General

Target

93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f
Size

666KB
Sample

220323-lfhz6abfe8
MD5

92493532531788040b78f62f00c1d5d6
SHA1

e9a348440a7c42b4b9416830dba158f2c51fa68f
SHA256

93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f
SHA512

b0b6e704ff091318de64a05ce66a029831cb091d95257b184486b5369d22369cc1121a6eff304abce254ad760ba29dbc7cfcb2cd12261a50050e7728415ff818

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/947445080342556692/k5eX_haEP42zYxqA0vzh33TmF53CrHI3NFO_LEsqnIXkOW8GqH66QMKAvOSZ3Fkkfhjh

Extracted

Family

njrat

Version

Njrat 0.7 Golden By Hassan Amiri

Botnet

HacKed

C2

127.0.0.1:25565

Mutex

Windows Update

Attributes

reg_key
Windows Update
splitter
|Hassan|

Targets

- Target
  
  93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f
- Size
  
  666KB
- MD5
  
  92493532531788040b78f62f00c1d5d6
- SHA1
  
  e9a348440a7c42b4b9416830dba158f2c51fa68f
- SHA256
  
  93667713af8e23ecde25e78d05f762ecd77d8a7b8667ec78a3cafbf43d724c4f
- SHA512
  
  b0b6e704ff091318de64a05ce66a029831cb091d95257b184486b5369d22369cc1121a6eff304abce254ad760ba29dbc7cfcb2cd12261a50050e7728415ff818
Score

10^/10

44caliber njrat hacked spyware stealer trojan
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

njRAT/Bladabindi

Executes dropped EXE

Checks computer location settings

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2