Behavioral task
behavioral1
Sample
123.scr
Resource
win7-20231023-en
General
-
Target
123.scr
-
Size
282KB
-
MD5
9dc5e3d364fba20137971eb948ed5089
-
SHA1
5848daad55e30e542e17213ea83d4c4e8ad66641
-
SHA256
e009fee742f6dd1d2c9fc0e840dbeeca1a705a13c2667bf09daf216c60411e89
-
SHA512
a0eac98d1b820b59fa2ed0ab98bd70b3fa96af2d0d1498f6ad2e23829f6d1852bbc7512d9683ed1985c4d221bada57461a65ea18556d48235d7a8f6a127eefa9
-
SSDEEP
6144:if+BLtABPDMtBBfn1Y0gIoHOQpafTyUlI1D0fVg9MtW:JtVvgIoHOOZ1DKg96
Malware Config
Extracted
44caliber
https://discordapp.com/api/webhooks/1184504729359896607/fPAMX9PDaXX6cd_-7EdUwUPRgvGLKrETMXz361gwk0y19F6LqJJCESeLcwPQReg9mLu9
Signatures
-
44caliber family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 123.scr
Files
-
123.scr.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 272KB - Virtual size: 271KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ