Extracted

• • Target

    874dad172d7d4af0bab54a7a5b7dc6a7

  • Size

    1.7MB

  • MD5

    874dad172d7d4af0bab54a7a5b7dc6a7

  • SHA1

    26917510b8f15642cf6ded5281ee4f364366ede1

  • SHA256

    d963729366502cb3aa25b180774331bbc36505388b9a88e18de5c1e31bb22c44

  • SHA512

    be2744820aad996309429fec956d04ffaa34deea3f539406d19a7ab8119948b5ddc90a4a7febb69cac8aefde164aaa6868c15d35932af0032784883e2195ea4c

  • SSDEEP

    49152:QtgXScc+ckmtEs4MMrb1NpN95VDLTwNAjg:9i+Xm2BMu/nX

  Score

  10^/10

  44caliberblackguardspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2