General
-
Target
7786d92296517e19d9ef43301d5e9683
-
Size
1.2MB
-
Sample
240126-q37n9afae5
-
MD5
7786d92296517e19d9ef43301d5e9683
-
SHA1
846dcd8fca2ee19c26b0b8b79b0f41c8982ce907
-
SHA256
8f727f5b33bac619cc7bbfe7ff24352319657cc603c687777b845babf018b932
-
SHA512
03dd20dd3def940ed6813405f986c172470a5c16cfc4163adfccb6ae3368e2ab4d042409d3b8e20abaa371838fae853a3ddf9f4e7b61d7167c06046a7381ce3a
-
SSDEEP
24576:pV2mtR9JIsBWHjnU2TttCrP8rIKDe1z+5IbkNritj:pjv9JIsBWHbpPUhZmIbkNrq
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/878380228894937168/1FKbQhM8XJ4ozljtwifZ-1m-XeYw5uknMJLH4X2t0Qxup8aulmWIgdRLa1z0jAtb9Z9u
Targets
-
-
Target
7786d92296517e19d9ef43301d5e9683
-
Size
1.2MB
-
MD5
7786d92296517e19d9ef43301d5e9683
-
SHA1
846dcd8fca2ee19c26b0b8b79b0f41c8982ce907
-
SHA256
8f727f5b33bac619cc7bbfe7ff24352319657cc603c687777b845babf018b932
-
SHA512
03dd20dd3def940ed6813405f986c172470a5c16cfc4163adfccb6ae3368e2ab4d042409d3b8e20abaa371838fae853a3ddf9f4e7b61d7167c06046a7381ce3a
-
SSDEEP
24576:pV2mtR9JIsBWHjnU2TttCrP8rIKDe1z+5IbkNritj:pjv9JIsBWHbpPUhZmIbkNrq
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-