General

  • Target

    22bae033c46d71990197f17a981ce3c9

  • Size

    2.3MB

  • Sample

    231225-q1xfhaeag9

  • MD5

    22bae033c46d71990197f17a981ce3c9

  • SHA1

    ce5488cd3d40e42917c7bb1c642da4b7817248d0

  • SHA256

    620b5b24add3610dadb6d18e4a52f1fa3c6cb5686dac389b655be6ffb1ef62e5

  • SHA512

    3a9448ca3b0b3074eaae4f0803f9d8522d19e5f0bbe222131a64543f374bf8658c8f9c0c08b2136bdc54439bc039e03fa4f61284aae26e15515790487731abd5

  • SSDEEP

    49152:9T1KUWNK6HkvoHKbtaU0fG9sFbI3TWdhswrlEkj1vi25m:h49gqkvFZZ0fZsjWdhswrxj15

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/868513655556292688/7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5

Targets

    • Target

      22bae033c46d71990197f17a981ce3c9

    • Size

      2.3MB

    • MD5

      22bae033c46d71990197f17a981ce3c9

    • SHA1

      ce5488cd3d40e42917c7bb1c642da4b7817248d0

    • SHA256

      620b5b24add3610dadb6d18e4a52f1fa3c6cb5686dac389b655be6ffb1ef62e5

    • SHA512

      3a9448ca3b0b3074eaae4f0803f9d8522d19e5f0bbe222131a64543f374bf8658c8f9c0c08b2136bdc54439bc039e03fa4f61284aae26e15515790487731abd5

    • SSDEEP

      49152:9T1KUWNK6HkvoHKbtaU0fG9sFbI3TWdhswrlEkj1vi25m:h49gqkvFZZ0fZsjWdhswrxj15

    • 44Caliber

      An open source infostealer written in C#.

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • XMRig Miner payload

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks