General

  • Target

    expensivecrak3.0.rar

  • Size

    111KB

  • Sample

    231201-trnnsadf35

  • MD5

    ba1e87a7123e7d1a851872a96c155bd4

  • SHA1

    a4a9b27c7cad5c47132651c29a05d35ac91a3888

  • SHA256

    3bf062d997913c12bcee479623af730d98be59993a704abbddffed5e7fa604d5

  • SHA512

    e77ec21fb70afbd3fc51ce49f0b86d3c1e46f040a46cdf547711c376d5db23c23fe4ee0afa89a414eae908f06b73d6aa068dcf4d00fca510f1b1b6e9a9fd09fb

  • SSDEEP

    3072:8fqUt1aA1RmJYxvC0iCFJqLloiMpYrdi68:8flD1RmyvD5fkloieP

Malware Config

  Extracted

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/1106246820465754193/PhLXU_8QVd9PKEsWp1wYfiuAgulXvdo3vNtxDX_F2rZvdBoVeobiSd4lhoRwXHxlyOwF

Targets

    • Target

      deadsense.exe

    • Size

      274KB

    • MD5

      3052e30d962a23b4e3766f025b8d6c21

    • SHA1

      97bec7796489888ad6aacdc5f3281f88c0287cf1

    • SHA256

      a35b29189e4ea69890b73e5c64a26a3badc61b9e2084ddfa1a959bc6241ff1dd

    • SHA512

      cf9a993eeba2440a6bacedff874a3b84e7112e6f11dfebc4d591380b462bdb1a247099290c5fa448d0431daa7ec55080db6d23219da1c10ca2a168ade5e4b680

    • SSDEEP

      6144:Zf+BLtABPDWlR1ZroWT0Ilb5wqlYeJClA1D0Ne9:4luK0Ilb5/lYe11Dx9

    • 44Caliber

      An open source infostealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic             Technique                      Count  ID
  Defense Evasion    Modify Registry                1      T1112
  Credential Access  Unsecured Credentials          2      T1552
  Credential Access  Credentials In Files           2      T1552.001
  Discovery          Query Registry                 1      T1012
  Discovery          System Information Discovery   1      T1082
  Collection         Data from Local System         2      T1005

Tasks