44caliber | 8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f | Triage

Submit
Reports

Overview

overview

Static

static

3

8b919845a9...8f.exe

windows7-x64

8b919845a9...8f.exe

windows10-2004-x64

Sharing

General

Target

8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f
Size

3.2MB
Sample

230910-w86a9sba7w
MD5

e96c81e32069fcfb94da98c9be02a855
SHA1

bd4146f93ce56aeac1ec5b5ac9fe5af1dab81701
SHA256

8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f
SHA512

8df7a9b026dc1a4a7aa7567cc5db31fded149126cb5782ee76e9a433ea37194bdcd2b69070daf7a3ee8a866d939d40ec9204f79453bef85b397bc70840e273b3
SSDEEP

49152:YIun087q30q/a6rrfvitpxOUMlHUK5XejfEOVpZ6MZj9X5myer3lPO8H5u:YL0OzqS6rr2YxlHejsO3Z9Z/m9re

Score

10^/10

44caliber spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f.exe

Resource

win7-20230831-en

44caliber spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f.exe

Resource

win10v2004-20230831-en

44caliber spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1150051435472498830/YhoiwXwAAKsBrBSJ0St12JGqZ_ebCKHh9rfhnswtrjkVxmov8EdH-iOO0gTBXrngx-L8

Targets

- Target
  
  8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f
- Size
  
  3.2MB
- MD5
  
  e96c81e32069fcfb94da98c9be02a855
- SHA1
  
  bd4146f93ce56aeac1ec5b5ac9fe5af1dab81701
- SHA256
  
  8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f
- SHA512
  
  8df7a9b026dc1a4a7aa7567cc5db31fded149126cb5782ee76e9a433ea37194bdcd2b69070daf7a3ee8a866d939d40ec9204f79453bef85b397bc70840e273b3
- SSDEEP
  
  49152:YIun087q30q/a6rrfvitpxOUMlHUK5XejfEOVpZ6MZj9X5myer3lPO8H5u:YL0OzqS6rr2YxlHejsO3Z9Z/m9re
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer

© 2018-2024

Terms | Privacy