44caliber | 51cfc971849b6d809df4f567616db7f420874a754752490b981134f1d40ff47c | Triage

Submit
Reports

Overview

overview

Static

static

7

df1c3a1b70...6b.exe

windows7-x64

df1c3a1b70...6b.exe

windows10-2004-x64

Sharing

General

Target

df1c3a1b70fc8f37ea642c4df3a2f66b
Size

448KB
Sample

231228-pt73zsdchl
MD5

df1c3a1b70fc8f37ea642c4df3a2f66b
SHA1

87b9d4bacc776489efb68f762913b76ef86908bf
SHA256

51cfc971849b6d809df4f567616db7f420874a754752490b981134f1d40ff47c
SHA512

a5a3e83d48f6eb0bd1ccbd4f48567c04d66ec1ba11b4afaf55df5f120b186ad3c764dd78b9835f8b2fb37b0d76d3f77ec08657f355c6734960359017e00fb512
SSDEEP

6144:+efG+g1L+8z7eoRDemTD+uf9+GV6eauyGFyInlXYWbgqtS4zbvhdaDz/A7Ah5lL2:+3S8xTiG04nTbcAcDq

Score

10^/10

44caliber agilenet spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

df1c3a1b70fc8f37ea642c4df3a2f66b.exe

Resource

win7-20231215-en

44caliber agilenet spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

df1c3a1b70fc8f37ea642c4df3a2f66b.exe

Resource

win10v2004-20231215-en

44caliber agilenet spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  df1c3a1b70fc8f37ea642c4df3a2f66b
- Size
  
  448KB
- MD5
  
  df1c3a1b70fc8f37ea642c4df3a2f66b
- SHA1
  
  87b9d4bacc776489efb68f762913b76ef86908bf
- SHA256
  
  51cfc971849b6d809df4f567616db7f420874a754752490b981134f1d40ff47c
- SHA512
  
  a5a3e83d48f6eb0bd1ccbd4f48567c04d66ec1ba11b4afaf55df5f120b186ad3c764dd78b9835f8b2fb37b0d76d3f77ec08657f355c6734960359017e00fb512
- SSDEEP
  
  6144:+efG+g1L+8z7eoRDemTD+uf9+GV6eauyGFyInlXYWbgqtS4zbvhdaDz/A7Ah5lL2:+3S8xTiG04nTbcAcDq
Score

10^/10

44caliber agilenet spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberagilenetspywarestealer

behavioral2

44caliberagilenetspywarestealer

© 2018-2024

Terms | Privacy