44caliber | b1e22731feaa39630fdc4ce2f145dee3984d5c8ec57e67d681c2bec7c0c3ebc9 | Triage

Submit
Reports

Overview

overview

Static

static

Neon v2/Neon v2.exe

windows7-x64

Neon v2/Neon v2.exe

windows10-2004-x64

Resubmissions

12-07-2023 17:45

230712-wbrrlsec33 10

12-07-2023 17:29

230712-v2m1nseb79 10

Sharing

General

Target

Neon v2.rar
Size

103KB
Sample

230712-v2m1nseb79
MD5

f38b27745d24cc16c2d3c6e5fe933e7e
SHA1

bfc30c46362584622a863cf153ef8eabeb838c6f
SHA256

b1e22731feaa39630fdc4ce2f145dee3984d5c8ec57e67d681c2bec7c0c3ebc9
SHA512

a43beb185f76b8503bc8768e8477b827fb2a7faa317fc52de758c43ab82f3484415077450a29596f9c0087a5d637888c8d0514218750fc5f35c0fd777a666ccf
SSDEEP

1536:/vs6Xqj51478GgTnDdwsJ1RDJiXIAD1eAvG5FpvouWfx6s5/GkK1iPzimAuRExbw:XkkgTDdwsJDBLiWQss8uziCRE1A/CM

Score

10^/10

44caliber discordurls spyware stealer

Static task

static1

discordurls 44caliber

3 signatures

Behavioral task

behavioral1

Sample

Neon v2/Neon v2.exe

Resource

win7-20230712-en

44caliber discordurls spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Neon v2/Neon v2.exe

Resource

win10v2004-20230703-en

44caliber discordurls spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/956477791124205569/zhz-iUwTtwf3ND8UdSeoNmdX8X4ElZBSxqhFrwstZ6oV5o-CWZxANYz737UasCARyImg

Targets

- Target
  
  Neon v2/Neon v2.exe
- Size
  
  274KB
- MD5
  
  1c135a7b80703354a6d8bac14381447d
- SHA1
  
  7562f7ba852f7ff91b6ef10647417bd54ff55c6c
- SHA256
  
  cd8e9641046306857f3a12009ddf442922e32484696b475175c867e8ff580f3e
- SHA512
  
  b9cad0723b37ee5612e64873ebddf428b4ace6396a2b301d8a19bc8c49c9084021f8c14da37298e262888ad62f6bbf78866bef152bb30fa8df39e60348396864
- SSDEEP
  
  6144:hf+BLtABPDOpJTNN6eTSUdZ/pOlYeJqlA1D0Mk+:4pYSSUdZ/olYet1DY+
Score

10^/10

44caliber discordurls spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detected executables Discord URL observed in first stage droppers
  DISCORD URLS.
  discordurls
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

discordurls44caliber

behavioral1

44caliberdiscordurlsspywarestealer

behavioral2

44caliberdiscordurlsspywarestealer

© 2018-2024

Terms | Privacy