44caliber

General

Target

812730ab78b75e54447cc2cef657f049
Size

1.2MB
Sample

240129-3lbxgadae9
MD5

812730ab78b75e54447cc2cef657f049
SHA1

74b23bbf12f837211fb10153b9297f7a4d22080f
SHA256

cbd7ccd03a3a3be29a706140db118e3236bf9c1e661faa3484d7eeb7595320fb
SHA512

4a1f1db3a9c5147bd57cd8610f3621f2c6f8113336fc649636f7fd2987751be44d363196dd3f105bc27179abdfcd0bb45b34e2ca9395b12467ca4f07563fd155
SSDEEP

24576:aWONscvqS0UDwzUYhwNf7Pqby1NYYVLs1OhqaBYIhuKtXUUKgVs:nOucv0JzTGBEaLI1qB4KtXUBgV

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/880153662645735455/ykvlzZ1p3W0sqQLzdINgrSNgQACh5-eayADFlIFVAXdkj6t4sAsGJjlgezM8GeSm7XVe

Targets

- Target
  
  812730ab78b75e54447cc2cef657f049
- Size
  
  1.2MB
- MD5
  
  812730ab78b75e54447cc2cef657f049
- SHA1
  
  74b23bbf12f837211fb10153b9297f7a4d22080f
- SHA256
  
  cbd7ccd03a3a3be29a706140db118e3236bf9c1e661faa3484d7eeb7595320fb
- SHA512
  
  4a1f1db3a9c5147bd57cd8610f3621f2c6f8113336fc649636f7fd2987751be44d363196dd3f105bc27179abdfcd0bb45b34e2ca9395b12467ca4f07563fd155
- SSDEEP
  
  24576:aWONscvqS0UDwzUYhwNf7Pqby1NYYVLs1OhqaBYIhuKtXUUKgVs:nOucv0JzTGBEaLI1qB4KtXUBgV
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2