44caliber | 347899570bba1cbaa4fe9149d71b7e2e07ea2d930d1bcb9e5762b242dd017887 | Triage

Submit
Reports

Overview

overview

Static

static

cheat-engi...04.exe

windows7_x64

cheat-engi...04.exe

windows10-2004_x64

Sharing

General

Target

cheat-engine-7-404.exe
Size

3.0MB
Sample

220519-ttn3bshed4
MD5

cdc4636a35c109b43f2898e13e8dc666
SHA1

1c0807042275593c79da97799153b72929dfb2d8
SHA256

347899570bba1cbaa4fe9149d71b7e2e07ea2d930d1bcb9e5762b242dd017887
SHA512

9498fd4c2fc65ae0b1294f4d37f6a0df50d92ffd9709f79ffd9606add19962c7493f68dc7f279e398fecf68d2b57f0f87db5f4d2e7df3f31364cce26dbd0e4ef

Score

10^/10

44caliber spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

cheat-engine-7-404.exe

Resource

win7-20220414-en

44caliber spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cheat-engine-7-404.exe

Resource

win10v2004-20220414-en

44caliber spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/973294177112686612/4QUQSbqvdZZd-DqEn3jQ1gWfu67yolKc4k1__wufBB-BWQv0dBmUKe8-IpUD-6DotJiV

Targets

- Target
  
  cheat-engine-7-404.exe
- Size
  
  3.0MB
- MD5
  
  cdc4636a35c109b43f2898e13e8dc666
- SHA1
  
  1c0807042275593c79da97799153b72929dfb2d8
- SHA256
  
  347899570bba1cbaa4fe9149d71b7e2e07ea2d930d1bcb9e5762b242dd017887
- SHA512
  
  9498fd4c2fc65ae0b1294f4d37f6a0df50d92ffd9709f79ffd9606add19962c7493f68dc7f279e398fecf68d2b57f0f87db5f4d2e7df3f31364cce26dbd0e4ef
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer

© 2018-2024

Terms | Privacy