44caliber | 1b2b0f61bfd22c8c19a7fb3a1597966c690bc1c5c57ec7a6b9d8a9aeaa1bc5f9 | Triage

Sharing

General

Target

hyperbone.exe
Size

274KB
Sample

220805-nfghfahgdj
MD5

a7032dd7f36c5956e63c59963bdf4739
SHA1

2ea9b54e931c2dc3ac4abcf78af4d7d36727c8bf
SHA256

1b2b0f61bfd22c8c19a7fb3a1597966c690bc1c5c57ec7a6b9d8a9aeaa1bc5f9
SHA512

ce08b2404784aa8649e2d4a557d6e88105deb63d8f3a432209979368bcd69d93150658519efa348731b80524a8e18dc04a17d15b6688dff153a50cf131ee37a8

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/999704329843920927/nMJWFTtRMui1F-sfFrddoo689md-24vX0sQiTDlFgvG9FYl3vQXGKIHbQ6xddFlWg57E

Targets

- Target
  
  hyperbone.exe
- Size
  
  274KB
- MD5
  
  a7032dd7f36c5956e63c59963bdf4739
- SHA1
  
  2ea9b54e931c2dc3ac4abcf78af4d7d36727c8bf
- SHA256
  
  1b2b0f61bfd22c8c19a7fb3a1597966c690bc1c5c57ec7a6b9d8a9aeaa1bc5f9
- SHA512
  
  ce08b2404784aa8649e2d4a557d6e88105deb63d8f3a432209979368bcd69d93150658519efa348731b80524a8e18dc04a17d15b6688dff153a50cf131ee37a8
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer