Extracted

• • Target

    1dc5cd47accaaebf5be57878d43a2dc0

  • Size

    1.7MB

  • MD5

    1dc5cd47accaaebf5be57878d43a2dc0

  • SHA1

    908e07ba8c3e9760aa42746e67e5c66b3110bb11

  • SHA256

    2a6063c7a32ca6b06174935c64894c825b29eafbea54700c0bc0a6b64be186f4

  • SHA512

    f3b6d684da544da1cd0a8dea28dd5abd3a4ced524492ca03278e669daa21d1a52d36f967da4fb2a04c79068b04bd1ba03fa746282bf763156637f4eb5953b6a3

  • SSDEEP

    49152:cZ6rR44Nu+OkppJ+yoeTp3flodyZmFSykdoj9zgi4:cuR44NPpiuTp3floqmAx4q

  Score

  10^/10

  44caliberblackguardspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2