44caliber | e0166af88734a1ad71aa1dc6e18fbd4db40d5ab2177547d0091aa6202efc3c4a | Triage

Submit
Reports

Overview

overview

Static

static

1

7a4520a5b7...ca.exe

windows7-x64

7a4520a5b7...ca.exe

windows10-2004-x64

Sharing

General

Target

7a4520a5b7cb55ca8a4137be525703ca
Size

9.5MB
Sample

240127-pshfyacca7
MD5

7a4520a5b7cb55ca8a4137be525703ca
SHA1

307f0281d899630f6d2e7988a6570192a24b092e
SHA256

e0166af88734a1ad71aa1dc6e18fbd4db40d5ab2177547d0091aa6202efc3c4a
SHA512

e98d2a34f046f8eb4898cc6bb0820ab6655e862a31a9b4696e712994dc39d84a01af879ecedd640c0c333557b2f6639fc9dfc1930fab4f7a6a23c11641249813
SSDEEP

196608:WFSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm0:WFS+Bkc0+Fe6dmracMR70

Score

10^/10

44caliber xmrig discovery evasion miner spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

7a4520a5b7cb55ca8a4137be525703ca.exe

Resource

win7-20231215-en

44caliber xmrig evasion miner spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a4520a5b7cb55ca8a4137be525703ca.exe

Resource

win10v2004-20231215-en

44caliber xmrig discovery evasion miner stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/868513655556292688/7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5

Targets

- Target
  
  7a4520a5b7cb55ca8a4137be525703ca
- Size
  
  9.5MB
- MD5
  
  7a4520a5b7cb55ca8a4137be525703ca
- SHA1
  
  307f0281d899630f6d2e7988a6570192a24b092e
- SHA256
  
  e0166af88734a1ad71aa1dc6e18fbd4db40d5ab2177547d0091aa6202efc3c4a
- SHA512
  
  e98d2a34f046f8eb4898cc6bb0820ab6655e862a31a9b4696e712994dc39d84a01af879ecedd640c0c333557b2f6639fc9dfc1930fab4f7a6a23c11641249813
- SSDEEP
  
  196608:WFSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm0:WFS+Bkc0+Fe6dmracMR70
Score

10^/10

44caliber xmrig evasion miner spyware stealer discovery
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

44caliberxmrigevasionminerspywarestealer

behavioral2

44caliberxmrigdiscoveryevasionminerstealer

© 2018-2025

Terms | Privacy