Extracted

• • Target

    1b38873770387cbb4a6f50acb3fabf4e

  • Size

    1.2MB

  • MD5

    1b38873770387cbb4a6f50acb3fabf4e

  • SHA1

    e28c6001fc49fb3ac0772f21e94b1d9f9f09d884

  • SHA256

    4557cb6de38a939358273d7d6a1f112ae08ef2c346fea7b5a9f4db4916214d3a

  • SHA512

    de5bcfed2490544ef21cf5c409ea06840a34518ac493922f8e822419c1a11ddada50dd63f4d6a780763c7997442aecf7e60c5b02ace3a27d8a9675b69744b368

  • SSDEEP

    24576:q99ntjNH8JnYgIEw2bt/ynbMsQnbGFJqYahyj8Z8PgpcxWs:itjp8JDIEJPbc3vj8yPg+o

  Score

  10^/10

  44caliberspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2