44caliber

General

Target

SoraStalcraftV2.exe
Size

13.6MB
Sample

240204-zmm5cacdhn
MD5

38241bc2e9e9a3191ad8e92c632850ae
SHA1

a9bcc7b97fbdaef560b0168bbf618d2e281118c5
SHA256

f0d71adc29ffaedb669c408229ae18dd75e23617b775446c3d6b6350255ca854
SHA512

8eb56e25100d5c703cf99202d6732357eb80afcc0df381e5221dea49b923b96f3840701949966c9b0d55ec095f08f31bbdd2487f0af47445bb83827d4179b71c
SSDEEP

393216:nT61FeREWa6YW+eGQ0oMTozGxu8C0ibfEau5qW80hoA/aU3q:nT6jeRm6YW+e5CoztZ0x5qW80hVa

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1203772983659724851/6JLTE-b3tZpPjAbl-3Mr3gYkduYW6mD4UiZgcOWlVvUuw2_2pbX01VIkrv9MymzF-FqX

Targets

- Target
  
  SoraStalcraftV2.exe
- Size
  
  13.6MB
- MD5
  
  38241bc2e9e9a3191ad8e92c632850ae
- SHA1
  
  a9bcc7b97fbdaef560b0168bbf618d2e281118c5
- SHA256
  
  f0d71adc29ffaedb669c408229ae18dd75e23617b775446c3d6b6350255ca854
- SHA512
  
  8eb56e25100d5c703cf99202d6732357eb80afcc0df381e5221dea49b923b96f3840701949966c9b0d55ec095f08f31bbdd2487f0af47445bb83827d4179b71c
- SSDEEP
  
  393216:nT61FeREWa6YW+eGQ0oMTozGxu8C0ibfEau5qW80hoA/aU3q:nT6jeRm6YW+e5CoztZ0x5qW80hVa
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2