Overview

overview

10

Static

static

10

640d2a93bf...83.exe

windows7-x64

10

640d2a93bf...83.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    640d2a93bfc8e562453b35303ae4ec3c40c0de5b67eef3c28b1d1d498fa40f83

  • Size

    274KB

  • Sample

    231205-hnkbeahh97

  • MD5

    d6ae2f2cb1539dea4bb4d9ea9d5d5cce

  • SHA1

    bc2ac2bc2d1ee035b65dbd43a4c0d134c51a3eeb

  • SHA256

    640d2a93bfc8e562453b35303ae4ec3c40c0de5b67eef3c28b1d1d498fa40f83

  • SHA512

    59c2d4eafcf67f91ee31104cb04be363ffbfadbe5a9667c0849584e666dffd4529f5c7dfd16905d63f9e2fa310c820aec20de7455ec753a48ab538885ac10ebd

  • SSDEEP

    6144:vf+BLtABPDMtBBfn1Y0gIoHOQpafTyElI1D0pEA:otVvgIoHOOp1DxA

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/1179802952609837118/VQL2SnbY3OQKym01HTNlPaUzF5_zZWpyG0uR_TQhE0OllmdOQS7zEdjJ2Yw63bcoH9rt

Targets

    • Target

      640d2a93bfc8e562453b35303ae4ec3c40c0de5b67eef3c28b1d1d498fa40f83

    • Size

      274KB

    • MD5

      d6ae2f2cb1539dea4bb4d9ea9d5d5cce

    • SHA1

      bc2ac2bc2d1ee035b65dbd43a4c0d134c51a3eeb

    • SHA256

      640d2a93bfc8e562453b35303ae4ec3c40c0de5b67eef3c28b1d1d498fa40f83

    • SHA512

      59c2d4eafcf67f91ee31104cb04be363ffbfadbe5a9667c0849584e666dffd4529f5c7dfd16905d63f9e2fa310c820aec20de7455ec753a48ab538885ac10ebd

    • SSDEEP

      6144:vf+BLtABPDMtBBfn1Y0gIoHOQpafTyElI1D0pEA:otVvgIoHOOp1DxA

    Score
    10/10
    44caliberspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks