General

  • Target: 12143930620.zip

  • Size: 113KB

  • Sample: 231003-n3khlsad6x

  • MD5: 465e3574d2f53abaf1a7309e101874ce

  • SHA1: e19aced37a3ed4ee53a948b995938dbfc0d975c6

  • SHA256: 89776cccb48ad220d19e203d764955930907f60142f6c71b6cd32c6decb6867d

  • SHA512: a6daea9d94986ce07685ccb70505eee4bcd9dae11dac4c93c921fcc9405c9d363304b293b07d427b2b6608797e118201bc532b28cc75ad51540273b2ea37bd6b

  • SSDEEP: 1536:DP3yoAqwiWgrzh01jKcRvlaTNuyH/HWXqH+1RyEiwYA5MKeLNyxEuonun:4GZ0IcplaTN5yx14EiwYA5FEXun

Malware Config

Extracted

  • Family: 44caliber

  • C2: https://discord.com/api/webhooks/1158386448026849410/FtcZKAlq7edVMUGk395SXV3Q9JN9qbNFGOqPx7vDhxDM_to09iUh6gk0PVk4dwi2gGuA

Targets

    • Target: f17c1d86bdbdb7e6bae2034ec80231638bd3312dd75a1f5b6fe55731a3a56433

    • Size: 274KB

    • MD5: 7c02408a83fa049887df06c7c0c3f301

    • SHA1: 2ced507a793f00e49648f0dccb08a304995434d3

    • SHA256: f17c1d86bdbdb7e6bae2034ec80231638bd3312dd75a1f5b6fe55731a3a56433

    • SHA512: 04d3747ca6d1891760b3b444ebb3152bd42d1a4e21a4c9ff940b188e8c614a55dd44e09c89af49eadd56775f1ea29f4e7ac6a4cbd50728cc61032b4067c79896

    • SSDEEP: 6144:6f+BLtABPDslRpZrQWT0IQZQZ9afTyUlI1D03oK:5lmK0IQZQdZ1DLK

    • 44Caliber

      An open-source infostealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

MITRE ATT&CK Enterprise v15

Tasks