Extracted

• • Target

    206db0f20482b4ffcf4bf7a72b743a48

  • Size

    1.5MB

  • MD5

    206db0f20482b4ffcf4bf7a72b743a48

  • SHA1

    5952e991897ad99f773b7bf9d8835f7dbc7f274a

  • SHA256

    1041b6275ef7bc5b1729fa2b415ccf0e30a83ec298e02a9ec6b85c7fa0ac3418

  • SHA512

    25df102ec9bdcf038003ae357bef77f06adc07182ebd72bdea25e2f10da4090c48b7347d1e424d5552ad0ccba3df400a6bf6b58d9b0dbc3acadd96eb966eec69

  • SSDEEP

    24576:ATQuKl+Mw5dImXOEULqpKOKH07zIthhfPuD3J2Od4I0WpWeGdjeIPf6+kItzfdhZ:Yt5WjEULmzc3uD3JTd4k5YjeI364xVhZ

  Score

  10^/10

  44caliberspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2