General

  • Target

    6bd2d0c64ce33ca5522c34a8927db8dd

  • Size

    274KB

  • Sample

    231222-fmwxpsfggn

  • MD5

    6bd2d0c64ce33ca5522c34a8927db8dd

  • SHA1

    370a93b652c6d566c5921d727e298adf9640aa87

  • SHA256

    d17470457a84cb120cf0fde0c405ae82a954c39534368e2cb9c6798823c69fe3

  • SHA512

    3275e4de111ff3da91b5c53c1d4124bf536f436c763b072f574d19f8f43c88e95d614915ebb73876d68086b3bc4eddc60fabd1e5ca428f56e3e37d922b3ff3f4

  • SSDEEP

    6144:Mf+BLtABPD9NF/DVGK7zeNL+wN41V6GIeyXGRA1D0nmG:KNKK7zeNLXY69eyXL1DdG

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/882980614087794780/2EXTWMBoMH9DQog67zK2ten38diDtxtqRM8VZIXtVQBTQ1ytliHQMSQQ6ozPiihxhSIW

Targets

    • 44Caliber

      An open source infostealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Subvert Trust Controls (T1553): 1
    Install Root Certificate (T1553.004): 1
    Modify Registry (T1112): 1

  • Credential Access

    Unsecured Credentials (T1552): 2
    Credentials In Files (T1552.001): 2

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2