General

  • Target

    8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f

  • Size

    3.2MB

  • Sample

    230910-w86a9sba7w

  • MD5

    e96c81e32069fcfb94da98c9be02a855

  • SHA1

    bd4146f93ce56aeac1ec5b5ac9fe5af1dab81701

  • SHA256

    8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f

  • SHA512

    8df7a9b026dc1a4a7aa7567cc5db31fded149126cb5782ee76e9a433ea37194bdcd2b69070daf7a3ee8a866d939d40ec9204f79453bef85b397bc70840e273b3

  • SSDEEP

    49152:YIun087q30q/a6rrfvitpxOUMlHUK5XejfEOVpZ6MZj9X5myer3lPO8H5u:YL0OzqS6rr2YxlHejsO3Z9Z/m9re

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1150051435472498830/YhoiwXwAAKsBrBSJ0St12JGqZ_ebCKHh9rfhnswtrjkVxmov8EdH-iOO0gTBXrngx-L8

Targets

    • Target

      8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f

    • Size

      3.2MB

    • MD5

      e96c81e32069fcfb94da98c9be02a855

    • SHA1

      bd4146f93ce56aeac1ec5b5ac9fe5af1dab81701

    • SHA256

      8b919845a9b13861d7095a64e5e2db3298021bccc7962fd7995b9de9e76b268f

    • SHA512

      8df7a9b026dc1a4a7aa7567cc5db31fded149126cb5782ee76e9a433ea37194bdcd2b69070daf7a3ee8a866d939d40ec9204f79453bef85b397bc70840e273b3

    • SSDEEP

      49152:YIun087q30q/a6rrfvitpxOUMlHUK5XejfEOVpZ6MZj9X5myer3lPO8H5u:YL0OzqS6rr2YxlHejsO3Z9Z/m9re

    • 44Caliber

      An open source infostealer written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks