Resubmissions

  • 12-07-2023 17:45  230712-wbrrlsec33  10
  • 12-07-2023 17:29  230712-v2m1nseb79  10

General

  • Target: Neon v2.rar
  • Size: 103KB
  • Sample: 230712-v2m1nseb79
  • MD5: f38b27745d24cc16c2d3c6e5fe933e7e
  • SHA1: bfc30c46362584622a863cf153ef8eabeb838c6f
  • SHA256: b1e22731feaa39630fdc4ce2f145dee3984d5c8ec57e67d681c2bec7c0c3ebc9
  • SHA512: a43beb185f76b8503bc8768e8477b827fb2a7faa317fc52de758c43ab82f3484415077450a29596f9c0087a5d637888c8d0514218750fc5f35c0fd777a666ccf
  • SSDEEP: 1536:/vs6Xqj51478GgTnDdwsJ1RDJiXIAD1eAvG5FpvouWfx6s5/GkK1iPzimAuRExbw:XkkgTDdwsJDBLiWQss8uziCRE1A/CM

Malware Config

Extracted

  • Family: 44caliber
  • C2: https://discord.com/api/webhooks/956477791124205569/zhz-iUwTtwf3ND8UdSeoNmdX8X4ElZBSxqhFrwstZ6oV5o-CWZxANYz737UasCARyImg

Targets

    • Target: Neon v2/Neon v2.exe
    • Size: 274KB
    • MD5: 1c135a7b80703354a6d8bac14381447d
    • SHA1: 7562f7ba852f7ff91b6ef10647417bd54ff55c6c
    • SHA256: cd8e9641046306857f3a12009ddf442922e32484696b475175c867e8ff580f3e
    • SHA512: b9cad0723b37ee5612e64873ebddf428b4ace6396a2b301d8a19bc8c49c9084021f8c14da37298e262888ad62f6bbf78866bef152bb30fa8df39e60348396864
    • SSDEEP: 6144:hf+BLtABPDOpJTNN6eTSUdZ/pOlYeJqlA1D0Mk+:4pYSSUdZ/olYet1DY+

    • 44Caliber

      An open-source infostealer written in C#.

    • Detects executables containing Discord URLs observed in first-stage droppers

      Discord URLs.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks