44caliber | a15c3b6773fa9d8db715f8c557c76c95e8f84db0fa5046ed7a01589bfdc778b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

fd2f11c311...b6.exe

windows7-x64

fd2f11c311...b6.exe

windows10-2004-x64

Sharing

General

Target

fd2f11c31192e8efe0eb4b37d1a5e1b6
Size

9.5MB
Sample

231228-2h2haaacc2
MD5

fd2f11c31192e8efe0eb4b37d1a5e1b6
SHA1

48b2610a347ae04cd61cd33100715ca5476e1951
SHA256

a15c3b6773fa9d8db715f8c557c76c95e8f84db0fa5046ed7a01589bfdc778b5
SHA512

39a5e38dfb04b462e167462e78fe9cf018215cd8e9fcc7e1cf67e6ea93f99176af49995ed9c987899f140fe32faeda6757a2e814944b899454e771f183b04afa
SSDEEP

196608:0FSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm:0FS+Bkc0+Fe6dmracMR7

Score

10^/10

44caliber xmrig discovery evasion miner stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fd2f11c31192e8efe0eb4b37d1a5e1b6.exe

Resource

win7-20231129-en

44caliber xmrig evasion miner stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd2f11c31192e8efe0eb4b37d1a5e1b6.exe

Resource

win10v2004-20231215-en

44caliber discovery stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/868513655556292688/7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5

Targets

- Target
  
  fd2f11c31192e8efe0eb4b37d1a5e1b6
- Size
  
  9.5MB
- MD5
  
  fd2f11c31192e8efe0eb4b37d1a5e1b6
- SHA1
  
  48b2610a347ae04cd61cd33100715ca5476e1951
- SHA256
  
  a15c3b6773fa9d8db715f8c557c76c95e8f84db0fa5046ed7a01589bfdc778b5
- SHA512
  
  39a5e38dfb04b462e167462e78fe9cf018215cd8e9fcc7e1cf67e6ea93f99176af49995ed9c987899f140fe32faeda6757a2e814944b899454e771f183b04afa
- SSDEEP
  
  196608:0FSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm:0FS+Bkc0+Fe6dmracMR7
Score

10^/10

44caliber xmrig evasion miner stealer discovery
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

44caliberxmrigevasionminerstealer

behavioral2

44caliberdiscoverystealer

© 2018-2024

Terms | Privacy