44caliber | 3220df74888873a8f81e0bde3f4743c25f908bf0c97b768863b67d8d78867425 | Triage

Submit
Reports

Overview

overview

Static

static

3

2eb2782cc3...1c.exe

windows7-x64

2eb2782cc3...1c.exe

windows10-2004-x64

Sharing

General

Target

2eb2782cc346b73b7180e3e9a220041c
Size

9.3MB
Sample

231231-j49rnsfbhl
MD5

2eb2782cc346b73b7180e3e9a220041c
SHA1

b5d7dbb4f29e2567f9e4d67a9d64d7034ff5a968
SHA256

3220df74888873a8f81e0bde3f4743c25f908bf0c97b768863b67d8d78867425
SHA512

5124335f1362a836dd6f539052f705e64d080fc640abaf489c2407b819de9e79740ca0d5cc8a32310acecdd5e6a6076d83cb4cb7d013fc82b49b060c2b67dec9
SSDEEP

196608:DzB+082zIZNrOYyPugEl4ZXni32eZ3WU5QR6kj09F1lThXBhc+YX7:DzB+GeN/y2jl4N+2KWVR6u0P1l3Sj

Score

10^/10

44caliber xmrig discovery evasion miner stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2eb2782cc346b73b7180e3e9a220041c.exe

Resource

win7-20231215-en

44caliber xmrig evasion miner stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2eb2782cc346b73b7180e3e9a220041c.exe

Resource

win10v2004-20231215-en

44caliber discovery stealer

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/868513655556292688/7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5

Targets

- Target
  
  2eb2782cc346b73b7180e3e9a220041c
- Size
  
  9.3MB
- MD5
  
  2eb2782cc346b73b7180e3e9a220041c
- SHA1
  
  b5d7dbb4f29e2567f9e4d67a9d64d7034ff5a968
- SHA256
  
  3220df74888873a8f81e0bde3f4743c25f908bf0c97b768863b67d8d78867425
- SHA512
  
  5124335f1362a836dd6f539052f705e64d080fc640abaf489c2407b819de9e79740ca0d5cc8a32310acecdd5e6a6076d83cb4cb7d013fc82b49b060c2b67dec9
- SSDEEP
  
  196608:DzB+082zIZNrOYyPugEl4ZXni32eZ3WU5QR6kj09F1lThXBhc+YX7:DzB+GeN/y2jl4N+2KWVR6u0P1l3Sj
Score

10^/10

44caliber xmrig evasion miner stealer discovery
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Executes dropped EXE
- Modifies file permissions
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

44caliberxmrigevasionminerstealer

behavioral2

44caliberdiscoverystealer

© 2018-2024

Terms | Privacy