44caliber | 2f82f381e01d7c089f5af5a95a1d276cd349c3da56fc985024d8c5af17552d91 | Triage

Submit
Reports

Overview

overview

Static

static

3

kamidere.exe

windows10-1703-x64

Sharing

General

Target

kamidere.exe
Size

1.2MB
Sample

230907-x5ws4ade47
MD5

7459066f56619d7465110e5cf08bf7ff
SHA1

cb2a865d3e3af9d17a30ec4957e564edfef657d1
SHA256

2f82f381e01d7c089f5af5a95a1d276cd349c3da56fc985024d8c5af17552d91
SHA512

07fb16334aee0388501410f89fa2c3e26641aa87234d32bb8de30f14d7cd4228a5792b39b775651d814cda314e78f0a01c2cfef8ae938d6dd42398ca2711b986
SSDEEP

24576:BKJdi3xR7XX9NqdzkFxSEAuc3lKaMhzKukuYuC+:BCo3L7H9Md4FxSEAuj5MuC+

Score

10^/10

44caliber spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

kamidere.exe

Resource

win10-20230831-en

44caliber spyware stealer

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1144111485715484692/W6-NrreN9sCTG1sx1mo0d2yLoDwfNnpdsyMarNWNlT4kgWHDWvgWC3whzPnqr8RkjttM

Targets

- Target
  
  kamidere.exe
- Size
  
  1.2MB
- MD5
  
  7459066f56619d7465110e5cf08bf7ff
- SHA1
  
  cb2a865d3e3af9d17a30ec4957e564edfef657d1
- SHA256
  
  2f82f381e01d7c089f5af5a95a1d276cd349c3da56fc985024d8c5af17552d91
- SHA512
  
  07fb16334aee0388501410f89fa2c3e26641aa87234d32bb8de30f14d7cd4228a5792b39b775651d814cda314e78f0a01c2cfef8ae938d6dd42398ca2711b986
- SSDEEP
  
  24576:BKJdi3xR7XX9NqdzkFxSEAuc3lKaMhzKukuYuC+:BCo3L7H9Md4FxSEAuj5MuC+
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

© 2018-2024

Terms | Privacy