General

  • Target

    BlueStacksXsetup.exe

  • Size

    1.1MB

  • Sample

    230924-wca59agf8w

  • MD5

    6df424c55004064f017e0b39a2253448

  • SHA1

    30182c240002c1bcfedb0d3b44b0e2c57a13a2db

  • SHA256

    faeb588f777f567d3990e76a941cf406dc11f7079764325ebfee78cd7ffede29

  • SHA512

    a09d3f7f9d173b176ad15e9ef94571dfac6783b6786258b300ff0ab83fcf16100c1ffbf1153648d9ff3de7b13bb967b59794f921f21285028be98411bd9e607f

  • SSDEEP

    24576:+b69qHDABLqjL1M0HpccZoW6eq/oF5HPGys:5AtX60HpccGWRqwvGN

Malware Config (extracted)

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/1155120137612034188/cdy5wHbWmzOOyiX6nZbn5OlBuBidB8er7f1281hl7JRUP1iVFGnh9s57SwGqJtsdtgrx

Targets

    • Target

      BlueStacksXsetup.exe

    • 44Caliber

      An open source infostealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
