General
Target: f3f3c591de1ed8ea2c00dcf8c03b86bf
Size: 415KB
Sample: 230831-epsgmada58
MD5: f3f3c591de1ed8ea2c00dcf8c03b86bf
SHA1: 02e9dee6e17a41b74054d11a2f0e7abc0b963b12
SHA256: a011238f838b9bc61adec2897e0cac87099249a425dbc83064094fbdb987f337
SHA512: 61b2a9d6c011babe0540db4016627a584161c7fac432820424cd8c85cd85cb1ca537e1b202cceec241b99592865ace30cf9f47362563b82250053dfb63abb214
SSDEEP: 6144:2TouKrWBEu3/Z2lpGDHU3ykJotX+t41/5c8gWe3JB2AgMmqP:2ToPWBv/cpGrU3yVtX+t4V5cWe5A+mqP
Static task: static1
Behavioral task: behavioral1
Sample: f3f3c591de1ed8ea2c00dcf8c03b86bf.exe
Resource: win7-20230712-en

Malware Config
Extracted: 44caliber
https://discord.com/api/webhooks/1136773243261427722/PblfbxA7GVJqBDdmJ8FJrCPSUvE8iRRElfnrMu-WTqPYsrO633tdDs3xiZCowAI13ArQ
Targets
Target: f3f3c591de1ed8ea2c00dcf8c03b86bf
Size: 415KB
MD5: f3f3c591de1ed8ea2c00dcf8c03b86bf
SHA1: 02e9dee6e17a41b74054d11a2f0e7abc0b963b12
SHA256: a011238f838b9bc61adec2897e0cac87099249a425dbc83064094fbdb987f337
SHA512: 61b2a9d6c011babe0540db4016627a584161c7fac432820424cd8c85cd85cb1ca537e1b202cceec241b99592865ace30cf9f47362563b82250053dfb63abb214
SSDEEP: 6144:2TouKrWBEu3/Z2lpGDHU3ykJotX+t41/5c8gWe3JB2AgMmqP:2ToPWBv/cpGrU3yVtX+t4V5cWe5A+mqP

- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.