Extracted

• • Target

    548a6a63ed47c3ffec35a49139a71537

  • Size

    13.1MB

  • MD5

    548a6a63ed47c3ffec35a49139a71537

  • SHA1

    efd633af58692e7189a6c3c63317c310884841c9

  • SHA256

    927bd6cdc3db441da001022f2e9a4091027f857ca6b7787a2acf87766cc8d9a3

  • SHA512

    a6097350d0f3df88c553e0a8b498162515754ab29e92cb3ca2b2299f62b2c5dde6c5310d7d3aef1225376fc08db8bfb6fc24600bffb39859fc872d8df25c8965

  • SSDEEP

    393216:pcChW/Sh1Y8pgQBL1jpQIcaMzWz8yNb3:aV/Sh18adMzWIyh3

  Score

  10^/10

  44caliberspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2