44caliber | fab22062cd6dca945108eec308117d1f61776f165a589b0dc40631e853f54739 | Triage

Submit
Reports

Overview

overview

Static

static

7

6ae3498cb9...27.exe

windows7-x64

6ae3498cb9...27.exe

windows10-2004-x64

Sharing

General

Target

6ae3498cb9a5ba2b89861ecd5af12627
Size

12.4MB
Sample

240120-tt5p3sdca8
MD5

6ae3498cb9a5ba2b89861ecd5af12627
SHA1

274f104b6115ede9bf664ba7a82862dc35808bba
SHA256

fab22062cd6dca945108eec308117d1f61776f165a589b0dc40631e853f54739
SHA512

4523fae5e13f8a23afd0b2a1ee905ac6714b2f2c52892c807d3ee3cc8065a41ff1f8c3a70e34c19c32737b11e6228c3ecdf394e5fbe0b24b3894398785558bef
SSDEEP

196608:pFYCPzfo99IAREBpvabnMxoVu1AQLC00atf/V85x8ew1Gfp4q/J4iylWCpmKLQgU:dPro99IACv7r1Jkav4xigxJ/clW3gs9

Score

10^/10

44caliber evasion spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6ae3498cb9a5ba2b89861ecd5af12627.exe

Resource

win7-20231215-en

44caliber evasion spyware stealer themida trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6ae3498cb9a5ba2b89861ecd5af12627.exe

Resource

win10v2004-20231215-en

44caliber evasion spyware stealer themida trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/870328559921668146/kazDUWGIa2HOkULS2qQpDIz38by-5RiNdWFILJQZSPRi2F9j1-5L1rtRf7yO0-V87Q4N

Targets

- Target
  
  6ae3498cb9a5ba2b89861ecd5af12627
- Size
  
  12.4MB
- MD5
  
  6ae3498cb9a5ba2b89861ecd5af12627
- SHA1
  
  274f104b6115ede9bf664ba7a82862dc35808bba
- SHA256
  
  fab22062cd6dca945108eec308117d1f61776f165a589b0dc40631e853f54739
- SHA512
  
  4523fae5e13f8a23afd0b2a1ee905ac6714b2f2c52892c807d3ee3cc8065a41ff1f8c3a70e34c19c32737b11e6228c3ecdf394e5fbe0b24b3894398785558bef
- SSDEEP
  
  196608:pFYCPzfo99IAREBpvabnMxoVu1AQLC00atf/V85x8ew1Gfp4q/J4iylWCpmKLQgU:dPro99IACv7r1Jkav4xigxJ/clW3gs9
Score

10^/10

44caliber evasion spyware stealer themida trojan
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

44caliberevasionspywarestealerthemidatrojan

behavioral2

44caliberevasionspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy