General

  • Target

    a011238f838b9bc61adec2897e0cac87099249a425dbc83064094fbdb987f337

  • Size

    415KB

  • Sample

    230913-kvsx8sdd76

  • MD5

    f3f3c591de1ed8ea2c00dcf8c03b86bf

  • SHA1

    02e9dee6e17a41b74054d11a2f0e7abc0b963b12

  • SHA256

    a011238f838b9bc61adec2897e0cac87099249a425dbc83064094fbdb987f337

  • SHA512

    61b2a9d6c011babe0540db4016627a584161c7fac432820424cd8c85cd85cb1ca537e1b202cceec241b99592865ace30cf9f47362563b82250053dfb63abb214

  • SSDEEP

    6144:2TouKrWBEu3/Z2lpGDHU3ykJotX+t41/5c8gWe3JB2AgMmqP:2ToPWBv/cpGrU3yVtX+t4V5cWe5A+mqP

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1136773243261427722/PblfbxA7GVJqBDdmJ8FJrCPSUvE8iRRElfnrMu-WTqPYsrO633tdDs3xiZCowAI13ArQ

Targets

    • Target

      a011238f838b9bc61adec2897e0cac87099249a425dbc83064094fbdb987f337


    • 44Caliber

      An open source infostealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, such as saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency wallet files, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
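The two network behaviours reported above, exfiltration to the extracted Discord webhook C2 and an external IP lookup, are the ones a defender can hunt for in proxy logs. The following Python script is an added example, not part of the sandbox report or of 44Caliber itself: it flags webhook POSTs (matching the webhook id even if the hostname is rewritten to discordapp.com or a canary/ptb subdomain, which is an assumption added for robustness), flags requests to a set of IP lookup hosts that are an assumption because the page does not name the service this sample used, correlates the two per source host, and derives the webhook's creation time from its snowflake id. The log lines are constructed for the example.

```python
"""Proxy-log triage for Discord-webhook stealers (added example, not from the report)."""
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# C2 reported on this page for the 44Caliber sample.
KNOWN_C2 = ("https://discord.com/api/webhooks/1136773243261427722/"
            "PblfbxA7GVJqBDdmJ8FJrCPSUvE8iRRElfnrMu-WTqPYsrO633tdDs3xiZCowAI13ArQ")
KNOWN_C2_ID = KNOWN_C2.split("/")[-2]

# Any Discord webhook URL. The alternate hostnames and optional API version
# prefix are assumptions so that a trivial hostname rewrite does not evade the rule.
WEBHOOK_RE = re.compile(
    r"^https?://(?:(?:canary|ptb)\.)?discord(?:app)?\.com"
    r"/api/(?:v\d+/)?webhooks/(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{60,})"
)

# External IP lookup services commonly used by stealers; the page does not name
# the one this sample used, so this list is an assumption for illustration.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io",
                   "icanhazip.com", "checkip.amazonaws.com"}

DISCORD_EPOCH_MS = 1420070400000  # Discord snowflake epoch, 2015-01-01T00:00:00Z

# Constructed proxy log lines (not from the sandbox run): "ts src method url status".
SAMPLE_LOG = """\
2023-09-13T10:02:11Z 10.0.0.5 GET https://www.microsoft.com/ 200
2023-09-13T10:02:13Z 10.0.0.5 GET http://ip-api.com/json/ 200
2023-09-13T10:02:14Z 10.0.0.5 POST https://discord.com/api/webhooks/1136773243261427722/PblfbxA7GVJqBDdmJ8FJrCPSUvE8iRRElfnrMu-WTqPYsrO633tdDs3xiZCowAI13ArQ 204
2023-09-13T10:03:40Z 10.0.0.7 GET https://discord.com/channels/@me 200
2023-09-13T10:04:02Z 10.0.0.7 POST https://discordapp.com/api/webhooks/1136773243261427722/PblfbxA7GVJqBDdmJ8FJrCPSUvE8iRRElfnrMu-WTqPYsrO633tdDs3xiZCowAI13ArQ 204
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def snowflake_created_at(snowflake: int) -> datetime:
    """Discord ids are snowflakes: bits 22 and up hold ms since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def classify(line: str) -> Optional[Dict[str, object]]:
    """Return a finding for a webhook call or IP lookup, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = m["url"]
    host = (urlsplit(url).hostname or "").lower()
    wh = WEBHOOK_RE.match(url)
    if wh:
        webhook_id = wh["id"]
        return {
            "ts": m["ts"], "src": m["src"], "kind": "discord_webhook",
            "webhook_id": webhook_id,
            "known_c2": webhook_id == KNOWN_C2_ID,  # same webhook regardless of hostname
            "created_at": snowflake_created_at(int(webhook_id)).isoformat(),
        }
    if host in IP_LOOKUP_HOSTS:
        return {"ts": m["ts"], "src": m["src"], "kind": "ip_lookup", "host": host}
    return None


def triage(log_text: str) -> List[Dict[str, object]]:
    """All findings in a log, in log order; ordinary Discord browsing is not reported."""
    return [h for h in (classify(l) for l in log_text.splitlines()) if h]


def correlate(hits: List[Dict[str, object]]) -> List[str]:
    """Sources that looked up their external IP and then posted to a webhook."""
    by_src: Dict[str, List[Dict[str, object]]] = {}
    for h in hits:
        by_src.setdefault(str(h["src"]), []).append(h)
    flagged = []
    for src, events in sorted(by_src.items()):
        lookups = [e["ts"] for e in events if e["kind"] == "ip_lookup"]
        posts = [e["ts"] for e in events if e["kind"] == "discord_webhook"]
        if any(l <= p for l in lookups for p in posts):  # ISO-8601 sorts lexically
            flagged.append(src)
    return flagged


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for f in findings:
        print(f)
    print("lookup-then-exfil sources:", correlate(findings))
```

The per-source correlation is the useful part: a single request to an IP lookup service is common in legitimate software, and a Discord webhook POST alone can be a chat integration, but one host doing the lookup and then posting to a webhook within seconds is the stealer's own sequence. The webhook creation time is a cheap pivot for timelining the campaign.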
