44caliber | 7a84efcf08949adc80fc115f1da3fe4f153e270eb047ea8e96a584299936324e

Analysis

max time kernel
7s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51426225675c0ddb35e94704265ae42f.exe
Size

5KB
MD5

51426225675c0ddb35e94704265ae42f
SHA1

c28dffec6f9478034bebdb6a2328c5fdfd370a24
SHA256

7a84efcf08949adc80fc115f1da3fe4f153e270eb047ea8e96a584299936324e
SHA512

a7d62e5e096c69508adc0f201dbc5c4c9d32ebe075851b1fd5c7945143d222b7a7018796f9a0ed355173510eecf624215bf654a64259ab0bedb2c6baf1e9d63a
SSDEEP

48:6ZccNnlZOJ6dbKhIBo7hzNMPB+0b9ZSMLuYbr/it1PlPvP7FYvpfbNtm:O3OJ6db2H7cDbydv6BzNt

Score

10^/10

44caliber stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/870312877347717170/6XS4TbEnvrNxzmzuSVtOYoUeIAugviKP_WONyL7CmXFhGDJBGjGfxflBEEinBRzZwIi7

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

51426225675c0ddb35e94704265ae42f.exe

description pid process

Token: SeDebugPrivilege 1748 51426225675c0ddb35e94704265ae42f.exe

description	pid	process
Token: SeDebugPrivilege	1748	51426225675c0ddb35e94704265ae42f.exe

C:\Users\Admin\AppData\Local\Temp\51426225675c0ddb35e94704265ae42f.exe
"C:\Users\Admin\AppData\Local\Temp\51426225675c0ddb35e94704265ae42f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1748

C:\Users\Admin\AppData\Local\Temp\2kco4xji.djw.exe
"C:\Users\Admin\AppData\Local\Temp\2kco4xji.djw.exe"
2⤵
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1748-1-0x0000000074A50000-0x0000000075200000-memory.dmp

Filesize
7.7MB

Download
memory/1748-0-0x0000000000D70000-0x0000000000D78000-memory.dmp

Filesize
32KB

Download
memory/1748-2-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/1748-16-0x0000000074A50000-0x0000000075200000-memory.dmp

Filesize
7.7MB

Download
memory/2840-22-0x00007FF9DA3D0000-0x00007FF9DAE91000-memory.dmp

Filesize
10.8MB

Download
memory/2840-37-0x000000001ADB0000-0x000000001ADC0000-memory.dmp

Filesize
64KB

Download
memory/2840-15-0x0000000000110000-0x000000000015A000-memory.dmp

Filesize
296KB

Download
memory/2840-146-0x00007FF9DA3D0000-0x00007FF9DAE91000-memory.dmp

Filesize
10.8MB

Download