44caliber | 6d98a1918e9e369bd93004139d60fe0a4091fd922e2b6360e082b6393e41b33b | Triage

Submit
Reports

Overview

overview

Static

static

3

3eaf5c311f...1f.exe

windows7-x64

3eaf5c311f...1f.exe

windows10-2004-x64

8

Sharing

General

Target

3eaf5c311f690177a99c5ec95a22141f.exe
Size

6.4MB
Sample

240103-sp7s7saab5
MD5

3eaf5c311f690177a99c5ec95a22141f
SHA1

c02da138a3a10b34b0f1bd6d621a086c23e267bf
SHA256

6d98a1918e9e369bd93004139d60fe0a4091fd922e2b6360e082b6393e41b33b
SHA512

bf842f8e5c660e1ee9ed27541334c1ba8b70e4e87d05ac83acc7dd1d26b420cd85c874a1668239f0e035a8748992bbdec2a2843e3e07d3c5398573b3c854e2e3
SSDEEP

196608:bKrD7Ptz/yNGti995FNIew3JfOFzOtNPxj:kPN/HmTZwEzODJ

Score

10^/10

44caliber xmrig discovery evasion miner spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3eaf5c311f690177a99c5ec95a22141f.exe

Resource

win7-20231215-en

44caliber xmrig evasion miner spyware stealer

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

3eaf5c311f690177a99c5ec95a22141f.exe

Resource

win10v2004-20231215-en

discovery evasion

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  3eaf5c311f690177a99c5ec95a22141f.exe
- Size
  
  6.4MB
- MD5
  
  3eaf5c311f690177a99c5ec95a22141f
- SHA1
  
  c02da138a3a10b34b0f1bd6d621a086c23e267bf
- SHA256
  
  6d98a1918e9e369bd93004139d60fe0a4091fd922e2b6360e082b6393e41b33b
- SHA512
  
  bf842f8e5c660e1ee9ed27541334c1ba8b70e4e87d05ac83acc7dd1d26b420cd85c874a1668239f0e035a8748992bbdec2a2843e3e07d3c5398573b3c854e2e3
- SSDEEP
  
  196608:bKrD7Ptz/yNGti995FNIew3JfOFzOtNPxj:kPN/HmTZwEzODJ
Score

10^/10

44caliber xmrig evasion miner spyware stealer discovery
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

44caliberxmrigevasionminerspywarestealer

behavioral2

discoveryevasion

© 2018-2024

Terms | Privacy