General
-
Target
1f2a8237d80c320b6c6ca9c3edeebc244dd3c6708e851a6798263c619eae9aca
-
Size
1.5MB
-
Sample
231102-nxhrtsdc33
-
MD5
5a59e468b8d917cb8ab8283f4cc3c73a
-
SHA1
544420b225c36f3659357534d992cc2e2282b7c0
-
SHA256
1f2a8237d80c320b6c6ca9c3edeebc244dd3c6708e851a6798263c619eae9aca
-
SHA512
4f3852de36ad5c486ed8094c0de5ac77fd2e0efdb22ce2cc26bf16628c21b7ac5425dc1634696639b9c62f3e5af350a9c3c48125326bb5801cf3d98a42665bfc
-
SSDEEP
49152:Fsva6rr9EVAfGqEcBD2JS1NPa/LOj79eB:Fsy6GV32pPReB
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1169532958714105867/1ybbaEcwmEndkiHlxdGAYEwGK_q_-J5R_WsnfnPVVZlR8Zo9npE1_nuHQba2_1sthVX_
Targets
-
-
Target
1f2a8237d80c320b6c6ca9c3edeebc244dd3c6708e851a6798263c619eae9aca
-
Size
1.5MB
-
MD5
5a59e468b8d917cb8ab8283f4cc3c73a
-
SHA1
544420b225c36f3659357534d992cc2e2282b7c0
-
SHA256
1f2a8237d80c320b6c6ca9c3edeebc244dd3c6708e851a6798263c619eae9aca
-
SHA512
4f3852de36ad5c486ed8094c0de5ac77fd2e0efdb22ce2cc26bf16628c21b7ac5425dc1634696639b9c62f3e5af350a9c3c48125326bb5801cf3d98a42665bfc
-
SSDEEP
49152:Fsva6rr9EVAfGqEcBD2JS1NPa/LOj79eB:Fsy6GV32pPReB
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-