General
-
Target
1b38873770387cbb4a6f50acb3fabf4e
-
Size
1.2MB
-
Sample
231230-rm7jzsgabm
-
MD5
1b38873770387cbb4a6f50acb3fabf4e
-
SHA1
e28c6001fc49fb3ac0772f21e94b1d9f9f09d884
-
SHA256
4557cb6de38a939358273d7d6a1f112ae08ef2c346fea7b5a9f4db4916214d3a
-
SHA512
de5bcfed2490544ef21cf5c409ea06840a34518ac493922f8e822419c1a11ddada50dd63f4d6a780763c7997442aecf7e60c5b02ace3a27d8a9675b69744b368
-
SSDEEP
24576:q99ntjNH8JnYgIEw2bt/ynbMsQnbGFJqYahyj8Z8PgpcxWs:itjp8JDIEJPbc3vj8yPg+o
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/873606332538830858/lYlVeMKza_ZLedpS3S4LgiEdM25T6BM0zeX-3e35GNaPioU47pkpIbvYX2zXUbCa7nLH
Targets
-
-
Target
1b38873770387cbb4a6f50acb3fabf4e
-
Size
1.2MB
-
MD5
1b38873770387cbb4a6f50acb3fabf4e
-
SHA1
e28c6001fc49fb3ac0772f21e94b1d9f9f09d884
-
SHA256
4557cb6de38a939358273d7d6a1f112ae08ef2c346fea7b5a9f4db4916214d3a
-
SHA512
de5bcfed2490544ef21cf5c409ea06840a34518ac493922f8e822419c1a11ddada50dd63f4d6a780763c7997442aecf7e60c5b02ace3a27d8a9675b69744b368
-
SSDEEP
24576:q99ntjNH8JnYgIEw2bt/ynbMsQnbGFJqYahyj8Z8PgpcxWs:itjp8JDIEJPbc3vj8yPg+o
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-