Extracted

• • Target

    28b7f69fdd58bfd90380ddb5300ecfe4

  • Size

    1.2MB

  • MD5

    28b7f69fdd58bfd90380ddb5300ecfe4

  • SHA1

    bc0cd70ff17a7d3b642eca01192438d4ee98a57f

  • SHA256

    052deff6ad3f6b1a650cd1ea74364098c5e150a49075c5e658df122b26ff4253

  • SHA512

    c0c19e4c9885cc793c40a4347d26978bc49c328a5c3989e61e0ca1065c151a3d69968035e7cef9783b422995e6d5ad43eb3c18fa32ecedbbc53f6093dbe925d1

  • SSDEEP

    24576:j276EjqbkG8xLM8aNcFWBhb5SEs/Q73V9KFAtIEq8s0biAMmfxv:j27mbkG1OobVcQxtpK7mF

  Score

  10^/10

  44caliberspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2