General
-
Target
548a6a63ed47c3ffec35a49139a71537
-
Size
13.1MB
-
Sample
240111-zkm2kahbh7
-
MD5
548a6a63ed47c3ffec35a49139a71537
-
SHA1
efd633af58692e7189a6c3c63317c310884841c9
-
SHA256
927bd6cdc3db441da001022f2e9a4091027f857ca6b7787a2acf87766cc8d9a3
-
SHA512
a6097350d0f3df88c553e0a8b498162515754ab29e92cb3ca2b2299f62b2c5dde6c5310d7d3aef1225376fc08db8bfb6fc24600bffb39859fc872d8df25c8965
-
SSDEEP
393216:pcChW/Sh1Y8pgQBL1jpQIcaMzWz8yNb3:aV/Sh18adMzWIyh3
Malware Config
Extracted
44caliber
https://discordapp.com/api/webhooks/873463242905755648/toN0X9zZYgcbFlkZ7jCqLk4I_sGhgsbHl5HJ9jgcfMn_Sw0HRHJneP9bBZz01msNSKLJ
Targets
-
-
Target
548a6a63ed47c3ffec35a49139a71537
-
Size
13.1MB
-
MD5
548a6a63ed47c3ffec35a49139a71537
-
SHA1
efd633af58692e7189a6c3c63317c310884841c9
-
SHA256
927bd6cdc3db441da001022f2e9a4091027f857ca6b7787a2acf87766cc8d9a3
-
SHA512
a6097350d0f3df88c553e0a8b498162515754ab29e92cb3ca2b2299f62b2c5dde6c5310d7d3aef1225376fc08db8bfb6fc24600bffb39859fc872d8df25c8965
-
SSDEEP
393216:pcChW/Sh1Y8pgQBL1jpQIcaMzWz8yNb3:aV/Sh18adMzWIyh3
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-