Extracted

• • Target

    YammyLoader.bin

  • Size

    274KB

  • MD5

    d058d933c1f937a964c6c3ecd3c56a6b

  • SHA1

    1a698f15a55c1cf90c764e331b74a80194cba800

  • SHA256

    0902f659e8b8cad29f1e60defaf2e6389f2e94044e4995638b04a4c659bd134c

  • SHA512

    8c91a82e29edc4e7614f1f6cae38951301560168acd2bc656d12b7774729e5977bb28feba6a9fcc09dac13ef9dd98c04a3bce80914a3233e3708965e134db0da

  Score

  10^/10

  44caliberdiscoverypersistencespywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1