44caliber | 232c76d65ab1d36fd73d1c8977bbd63a415a98fc2a7a65648003810584d05ecb

Analysis

max time kernel
3s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fd43f137db0c8472dc0d64be1190bc6.exe
Size

6.0MB
MD5

6fd43f137db0c8472dc0d64be1190bc6
SHA1

d1feb73da26dcc12198088dacc6dd9caf6417a36
SHA256

232c76d65ab1d36fd73d1c8977bbd63a415a98fc2a7a65648003810584d05ecb
SHA512

f2abf2c3996cd78d35a495ba1b8b951067e9f679ffafb994c53e6cdec8a49034313f4158f6596fd8178ada20b569fa671109381a69b3a4e43c447271152b68ef
SSDEEP

98304:tT1v0Sc5LEgwytj2KJHZpz+v2zU0XWbbr5vMjl2iQu9ntFEPZ8YGpnN6p:l18S6ZyKJz+ezUHQtBEp

Score

10^/10

44caliber stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/871356915303710720/aJQeq8OY3wwqIiXWkN97pUlIjJQhxawbR5zbwOuO96jrzWKG4INekUUjRxLOjy9VbIsi

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber

Executes dropped EXE 1 IoCs

pid	Process
2744	Fatality Loader.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	freegeoip.app
3	freegeoip.app

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2744	2900	6fd43f137db0c8472dc0d64be1190bc6.exe	28
PID 2900 wrote to memory of 2744	2900	6fd43f137db0c8472dc0d64be1190bc6.exe	28
PID 2900 wrote to memory of 2744	2900	6fd43f137db0c8472dc0d64be1190bc6.exe	28

C:\Users\Admin\AppData\Local\Temp\6fd43f137db0c8472dc0d64be1190bc6.exe
"C:\Users\Admin\AppData\Local\Temp\6fd43f137db0c8472dc0d64be1190bc6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\Fatality Loader.exe
  "C:\Users\Admin\AppData\Local\Temp\Fatality Loader.exe"
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Users\Admin\AppData\Local\Temp\CFG.exe
  "C:\Users\Admin\AppData\Local\Temp\CFG.exe"
  2⤵
  PID:2728
- C:\Users\Admin\AppData\Local\Temp\Fatality.win.exe
  "C:\Users\Admin\AppData\Local\Temp\Fatality.win.exe"
  2⤵
  PID:2976
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
    3⤵
    PID:1652
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
      4⤵
      PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74ff081de32dc53eb255564a0459e754

SHA1
1471c0c5a42e1836a47a60c0769a82b2bbec1e99

SHA256
f22712b52159db1335655ec852b088ef702446743d4ead83f2be4adf197d2bdf

SHA512
c6e2935be4bf05d50e3ffa091da43d5970e87080b144e024ef015b04cb524fd9714f29147bec300df13e6bdfca38c5e647a55cace23e43516536ead6c0dd7610

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
eb42f18fd443c4f817cc88f460c27914

SHA1
6f4d46ac3c16d4406c8f08e5afd32ca55cd0585b

SHA256
82c2e67336998a8f3a81d3cb265d34b50d4743e173ba23a4459f5de54f1d0f91

SHA512
1e68fda8ddc18c874f17a945ec38f136d36fec53613b3ca38e5ccead250423645bb49b924d3b06bd7253f071568b1707f59d06f7353774d22f3355bec9496b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5759cefa9b5838e38640cef0691a4102

SHA1
dd8fd2bdc1815a0be9b9d6ada4b17664aec8f07f

SHA256
f730cb2fdac84da64b95bd6602c46b216653a7c67d1feb321c8debb7144992ab

SHA512
778fc4f3e8d86cbabb4cae8ce315261c6ce68a43ce17d0cca9b10d8d83882571fa26a9f55f5cea633f1c6fac04a2f2d50853a9b6b7853aa83a2ca1d3b6d29d39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
566bdceb0da0cf7ef373ddc7fcc973cd

SHA1
e8f7f4cff763c0bad5e67bb5ac54ad4b455f4f21

SHA256
67534a96e8d2f2438728184b25d1bdf32f823e63db7908aed45b2d63b7533286

SHA512
fd359935d08eca52f635c2da1ac80d1b6848ed21ab4de384aa0ecf0d154bbf61d645557be252ffc06c2e5f7726bf9e541cdb9583d1c2107ff4ae3789e89d06d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4730ff08f4b4faafa60fec5218fecf9e

SHA1
aefe0051078ed1c746aac4cad1ad7efa7c0e0aa5

SHA256
7cffb29d74bb639120f94a414226f2a7c0a561b95fb0aaed8d6d30ac278d5040

SHA512
990bda14b422dc5327316257bc7508e756e2ff2850c83277dd73d0ef4dbdbb9c81c62e8931734f0df002471abb3054b3d5e8596d36250f31e19ccd0e43c8b7d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cf8cbdf2465872593a70337db3805b8

SHA1
f650e85f596d8e6e3a3c18679efc2cdee3711d62

SHA256
7a73d53250fc7b84633c65c5e73d8209193bbf5835ba39542269675300932882

SHA512
a081a02171b873c56632bea09032a5f902ee6e1771484ebc5aeed861100788fb26d40425be30930fc93c10c893c04128d34b147d2ac4b39820d5c45eb3eb641d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9RH02E27\www.java[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9RH02E27\www.java[1].xml

Filesize
195B

MD5
b9f143d39af2792afd1b2bdfb44aa4d0

SHA1
cd5ff3f01c8d4f19800c8e178125e61aff52e954

SHA256
2e06e7c8d557e5855daa0466adce69177889c37f9755bb1c3e50205fc52a3ba1

SHA512
38bea3160bf17eb7e2a90e4800f869814ceba32148d1413c4122959a81695884acd0deae327ada6add487cb80be8f3765546ecc612c18df6a16e4e6a50eee117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

Filesize
1KB

MD5
4939ad55d5aea05e74044a52d6fe9ee9

SHA1
0b69eee1239bab5c624dbadf36bcfce53c233ca8

SHA256
029942c9a0a0de318b967e6c4583ce48af43e94111ec312acb9a80c1b2ef09ff

SHA512
f22a0e87511446ace9654736bce588e287585868f909a144cc7e5802c60dbc5d87fcc425bbe1a2c8da86e2de3b0d0a959676879477cc94b036cfe76ab73e1ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\favicon[1].ico

Filesize
1KB

MD5
8e39f067cc4f41898ef342843171d58a

SHA1
ab19e81ce8ccb35b81bf2600d85c659e78e5c880

SHA256
872bad18b566b0833d6b496477daab46763cf8bdec342d34ac310c3ac045cefd

SHA512
47cd7f4ce8fcf0fc56b6ffe50450c8c5f71e3c379ecfcfd488d904d85ed90b4a8dafa335d0e9ca92e85b02b7111c9d75205d12073253eed681868e2a46c64890

Download Submit
C:\Users\Admin\AppData\Local\Temp\CFG.exe

Filesize
33KB

MD5
6ded39def9263c60e13d8682b44c9126

SHA1
8c19f53028f62332bb362cb94fa51d28d2e66784

SHA256
451327b9d20f9e770bc7f5d5f58015ae72f4cf9d6e7a26960219ae5a0f606266

SHA512
bc8f625e87e1242ea3f15ab2dbade757b6ceead5da6e38bea164daf69922b2448256ad95d83cef2a9169d13d480aa91efbd76ffa01a000d8ce9cc6f7f94952aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE1E7.tmp

Filesize
45KB

MD5
39285b3852852fb95d2144742d5e6556

SHA1
63b6a4d28815e2f10ab63a531077ea3963c12860

SHA256
0a54c6428c7e8ba3a5b6149964d0ab59fe4449605296687468d7856559512eae

SHA512
7e3bff7e76e88dd3fb92b1d9845aff8307006af5be2906f15233fea3bdf5a2f74f616e6d3f72e07691ba9a187e5c607e6c0ebe330619afb6a560d47139a2507d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Fatality Loader.exe

Filesize
299KB

MD5
c62e8659a538d545f07e0c9f9d4e7473

SHA1
feaa24f501803d8f179732d4920561deb8b4c08f

SHA256
5895294f317b1cf6c4598d293501249917f8177adea6c0f4241517ee2596365e

SHA512
d0c46943279825cebf4de80d50b53fea409d2ecfae9922af97c93f199b62fdf572a278bdee04fe2a13cf7be8a2ac1fa92a081a8b614a0a89348d894600b1d5ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Fatality Loader.exe

Filesize
137KB

MD5
5a9c44c015ec6234a2f68ebae7fc1545

SHA1
309d6c49bd5770c4194426a27ed4a3f82ba1aae0

SHA256
3da44fce565e0de69fd4aa857725ac481eead6f25a339d02d3f83e78e6e58d6d

SHA512
26d222c655c83a41c0d50b82f87c01fc89cb803ff484dcbe9895e72a3742295db5a0c5d558124d441c27df0cd2a6ed29bc9c387234d8f2999a2dacc76e564274

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE248.tmp

Filesize
31KB

MD5
9f48b26dd55a91cd7f8f73fc1e31334a

SHA1
5473c9c76db6c82d52f25bcc02c57a154dbd9710

SHA256
0a779f92d078aa5d380b1f5d2295b4890b1dde14442328249d324c50c437d8d9

SHA512
36fff8a225cf53c7698512ae4fc76ddd00f8c47c5c50d9149c86863831b395098971bc63016280e8e8ca955328d1deac0638e70c295c54e2e0e0d18894b7928c

Download Submit
memory/2744-77-0x000007FEF4FD0000-0x000007FEF59BC000-memory.dmp

Filesize
9.9MB

Download
memory/2744-18-0x000000001B0D0000-0x000000001B150000-memory.dmp

Filesize
512KB

Download
memory/2744-11-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/2744-16-0x000007FEF4FD0000-0x000007FEF59BC000-memory.dmp

Filesize
9.9MB

Download
memory/2900-0-0x0000000000CD0000-0x00000000012D4000-memory.dmp

Filesize
6.0MB

Download
memory/2900-29-0x000007FEF4FD0000-0x000007FEF59BC000-memory.dmp

Filesize
9.9MB

Download
memory/2900-2-0x0000000000AF0000-0x0000000000B70000-memory.dmp

Filesize
512KB

Download
memory/2900-1-0x000007FEF4FD0000-0x000007FEF59BC000-memory.dmp

Filesize
9.9MB

Download
memory/2976-75-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download