Analysis
-
max time kernel
138s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
29-01-2024 14:25
General
-
Target
8010a52546b7b4927e062e9f11d90cd4.exe
-
Size
1.2MB
-
MD5
8010a52546b7b4927e062e9f11d90cd4
-
SHA1
e080c197ea3deba26b51b83d7d8fca65220c20b0
-
SHA256
2b9acc15e272c93ebb1de7a8589d71bc0fef713bbcbd7d049960e4064d816c2b
-
SHA512
35bc392fa40804224dedea630bc55aa9b2646b615268e1222fec1a9d46872b49b67beb2a40057c92588a3b28141d23815658ccece78182e411de1e97164550ee
-
SSDEEP
24576:4IwdkMPH5dnYh6cBq0RQHD2MoulzpiwqdPrUPbBU5iuVAGU/f:JaZVw6cc7D2MJlztqVrUPb2km3U/f
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/866711810735996958/O6j2s0-Vj_HxOXRLkQqnJ3yalpf3Cuf5oOuopPL8nk4awQ3YRl6cndwNbPZLwQ8pLRY5
Signatures
-
44Caliber
An open source infostealer written in C#.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8010a52546b7b4927e062e9f11d90cd4.exe"C:\Users\Admin\AppData\Local\Temp\8010a52546b7b4927e062e9f11d90cd4.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD590dcab04da10914f5e2c665e4afb023e
SHA1f4481c94e396e4cab858d55395cb482cfaeaecac
SHA256a168febe0ed250799ee45a84de63023a404833407e456a3e3693e92b9548e771
SHA51202f6ce957c558c00a9342899e398761d22df93a6372c31fa5961bbf7ce0c31522118768b74541f3e12cbf7335729cd6f419256d3d3ae558781973f74967ffa92
-
Filesize
513B
MD5b991ca30903a6af8bfb7fa1f4252aeab
SHA11b2ef951c806b7fe6d3e1b0b505c9124d9493dba
SHA256ef7b737ab4cc66f46ad9d427d62be5703acf521f7b0fcffe662c7de577d1726a
SHA512c423ad0f952abc060bdd3a0bfb2e85d6d133b35cfdc0826276c9dcadfcec6d8e0705681d255f9b21251855d210683f02a2b14f90b706a6a677c3ecd81d363f1b
-
Filesize
970B
MD5696db9571cf23521b5264e672c49d6ce
SHA151fd4b61d26593dfe2f51741d7e7ec97c05baf6e
SHA25691ad9217bbbc68ac638029cb7c870ce274ab822041b5132a088167000286ba0d
SHA512e81a1a0837c4c21b4a0bff3e0f4c2953999fdc4b3124e0e31393e70716068a2bfe3bb5e71ca21d666a1153b795095513ad626631975d7828a3d8efca7d7ddb1c
-
Filesize
5.6MB
-
Filesize
64KB
-
Filesize
584KB
-
Filesize
3.7MB
-
Filesize
3.7MB
-
Filesize
3.7MB
-
Filesize
408KB
-
Filesize
7.7MB
-
Filesize
3.7MB
-
Filesize
7.7MB