Overview

overview

10

Static

static

1

7a4520a5b7...ca.exe

windows7-x64

10

7a4520a5b7...ca.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a4520a5b7cb55ca8a4137be525703ca

  • Size

    9.5MB

  • Sample

    240127-pshfyacca7

  • MD5

    7a4520a5b7cb55ca8a4137be525703ca

  • SHA1

    307f0281d899630f6d2e7988a6570192a24b092e

  • SHA256

    e0166af88734a1ad71aa1dc6e18fbd4db40d5ab2177547d0091aa6202efc3c4a

  • SHA512

    e98d2a34f046f8eb4898cc6bb0820ab6655e862a31a9b4696e712994dc39d84a01af879ecedd640c0c333557b2f6639fc9dfc1930fab4f7a6a23c11641249813

  • SSDEEP

    196608:WFSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm0:WFS+Bkc0+Fe6dmracMR70

Score
10/10
44caliberxmrigdiscoveryevasionminerspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/868513655556292688/7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5

Targets

    • Target

      7a4520a5b7cb55ca8a4137be525703ca

    • Size

      9.5MB

    • MD5

      7a4520a5b7cb55ca8a4137be525703ca

    • SHA1

      307f0281d899630f6d2e7988a6570192a24b092e

    • SHA256

      e0166af88734a1ad71aa1dc6e18fbd4db40d5ab2177547d0091aa6202efc3c4a

    • SHA512

      e98d2a34f046f8eb4898cc6bb0820ab6655e862a31a9b4696e712994dc39d84a01af879ecedd640c0c333557b2f6639fc9dfc1930fab4f7a6a23c11641249813

    • SSDEEP

      196608:WFSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm0:WFS+Bkc0+Fe6dmracMR70

    Score
    10/10
    44caliberxmrigevasionminerspywarestealerdiscovery

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • XMRig Miner payload

      miner

    • Stops running service(s)

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Privilege Escalation

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Defense Evasion

Impair Defenses

1
T1562

File and Directory Permissions Modification

1
T1222

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks