General

  • Target

    Auto Block.exe.vir

  • Size

    2.2MB

  • Sample

    220617-wmfhqachbm

  • MD5

    006f5bbb2e6f9ce7d38edad078e753ba

  • SHA1

    ae6bcb7f694bee6e52be7e7dc75a1d9ced78f75f

  • SHA256

    98f61a34d1b53907d24096b09b5530b80ca42ce9dd4c50eafcc6fab3f45a0119

  • SHA512

    f4e6aafe806fc71a728a500fa80cce83044bbe979252228b74e60b88f73ded979e917cbef1a987db176f323b6027298de102f4e867fb99ffe28c1b50d667bfff

Malware Config (extracted)

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/987320469264928788/XHGBPVVk0PqB5Bug7qHP2xnrZN4CfIIFQe0thEyFCmF2MEQleEN98ae4oIo8Q6KdiaA_

Targets

    • 44Caliber

      An open source infostealer written in C#.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
