Extracted

• • Target

    32595ac79386e97e05f876c5dd2ab874

  • Size

    1.7MB

  • MD5

    32595ac79386e97e05f876c5dd2ab874

  • SHA1

    c989b9d5095373707323209898e9af47d695b289

  • SHA256

    9935470ff0da61daff7361e3376f0a40401757e4d0ce6c20f07333bc6f041085

  • SHA512

    46a1592acee78ed4104bd68830f23665ac0cbbe8be1734c57d0b393b0a9daeabcfafee13f0083447a842c3578cd3d99cc18dbeb0eff3a0f0582f349b12ca068d

  • SSDEEP

    49152:RTaXfndwbmGJMZeFNOHoabDvhn0TKfurQqlnJfVWncA0xGM:RTkft2NVabD10TKfoFu50/

  Score

  10^/10

  44caliberblackguardspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2