Extracted

• • Target

    7786d92296517e19d9ef43301d5e9683

  • Size

    1.2MB

  • MD5

    7786d92296517e19d9ef43301d5e9683

  • SHA1

    846dcd8fca2ee19c26b0b8b79b0f41c8982ce907

  • SHA256

    8f727f5b33bac619cc7bbfe7ff24352319657cc603c687777b845babf018b932

  • SHA512

    03dd20dd3def940ed6813405f986c172470a5c16cfc4163adfccb6ae3368e2ab4d042409d3b8e20abaa371838fae853a3ddf9f4e7b61d7167c06046a7381ce3a

  • SSDEEP

    24576:pV2mtR9JIsBWHjnU2TttCrP8rIKDe1z+5IbkNritj:pjv9JIsBWHbpPUhZmIbkNrq

  Score

  10^/10

  44caliberspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2