Extracted

• • Target

    58c1a37139dc07fd0d4d800032cc65d0

  • Size

    1.7MB

  • MD5

    58c1a37139dc07fd0d4d800032cc65d0

  • SHA1

    62474977ece1d8b71400474d4998497089918c12

  • SHA256

    81673703e3620dd4760abc876882185a901fdebdd9db9ec6caad172adce76306

  • SHA512

    59dc2d2cf0a321b960af505231d5fbc373abc59a8f5fe2cf6c0c0908d68bb4454a176ba02243334e6331e6d5831c32b08dbd54bc290bbf02dc213f9d6677a365

  • SSDEEP

    49152:cuYkCr6/VlG1D3bGTHcQHl3Ll3HoCgn/Pa9MdYxGtbR:QVr6/21yR3h3IC8iKdd9

  Score

  10^/10

  44caliberblackguardspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2