Overview

overview

10

Static

static

1

940edb1275...61.exe

windows7-x64

10

940edb1275...61.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-02-2024 06:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    940edb1275d4f4590edf64e0889abf61.exe

  • Size

    1.2MB

  • MD5

    940edb1275d4f4590edf64e0889abf61

  • SHA1

    5e699c98a7b9b1d3793611cdc45c560009685c2e

  • SHA256

    8b655a359fe66cd0031fa38ec2a03a0dd4b35b2da18684bc8359b4f1fa3fd293

  • SHA512

    cd385744913dcb4b7a99854cca69cd61e4b65fdf1463925b0545d8e7e5b454852cc68ae959aa68f4fa69263ec982364ce417f02e834078eb00f27902729000c2

  • SSDEEP

    24576:ehiER2uLDwQ9Zs26ZF6Hc2fKWm9is3Y0boUTCJ:cpT3w9rY8qKWj4Y05y

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/879339962309431326/Wo1u0LeBvuiTt_6vlQvfVfGtacXotCWzUOhH9TiugxqILQ5I6innKzyZKFua1L-0k0dx

Signatures

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\940edb1275d4f4590edf64e0889abf61.exe
    "C:\Users\Admin\AppData\Local\Temp\940edb1275d4f4590edf64e0889abf61.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2472

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt
    Filesize

    105B

    MD5

    2e9d094dda5cdc3ce6519f75943a4ff4

    SHA1

    5d989b4ac8b699781681fe75ed9ef98191a5096c

    SHA256

    c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

    SHA512

    d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

    Download Submit

  • C:\ProgramData\44\Process.txt
    Filesize

    1KB

    MD5

    786f7fd890524afa953ccfac38666133

    SHA1

    6f8da2ca26dcae420685f867192c78da0089ca2d

    SHA256

    ce80aaf6943037db79602a31879a1ab67ed211d83f9c1c92c1ca1faf5d066f9f

    SHA512

    ee493132de5aa085acf8bb61426f6fdaed3daf2d9b7c8fc50fe2557574d6031fe1bfd4e4610aa082d11b74ed4f57ac9936df00c8fd263774174ab52e3bee471c

    Download Submit

  • C:\ProgramData\44\Process.txt
    Filesize

    288B

    MD5

    36003acd2c30a6b8b6f81a18963d0a93

    SHA1

    ba4b3f68234c18c17562dfc5d652eb6dc975c3e8

    SHA256

    c58f986e9c2a2e6e265eed072b86c4c4e452fd96dd967bbd2624e34cf1a037ed

    SHA512

    dbd29506c63ae706cc5e1b19c041ecd7e05effa11021b59a132353dc21605b87c0ccb10fd7038cfeb2a29c905127cc1b2802357597be36857769ed641db25424

    Download Submit

  • C:\ProgramData\44\Process.txt
    Filesize

    729B

    MD5

    844f2d6b23dab454e43a36e9e88641f7

    SHA1

    ba13a82cc8ca15804961c6d1e291475bfabf0cb2

    SHA256

    09a656e8183b08c5ddcafffe25f5cf8431ac4739007c7c19701331986090fea2

    SHA512

    74e9c23ca286b7d5add61e09097d0a7766ebc2cf34bf03a4907b872ba9429aeabe8fb38ea064415be57c02e151f62caf8b2aa17f04ee4b4a380e5c9affd5e251

    Download Submit

  • memory/2472-2-0x0000000073D30000-0x00000000744E0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2472-5-0x0000000006060000-0x00000000060F2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2472-4-0x0000000005BF0000-0x0000000005C00000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2472-38-0x0000000006F70000-0x0000000007514000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2472-0-0x0000000000390000-0x0000000000740000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2472-124-0x0000000007FD0000-0x0000000008036000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2472-3-0x0000000000390000-0x0000000000740000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2472-1-0x0000000000390000-0x0000000000740000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2472-128-0x0000000000390000-0x0000000000740000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/2472-129-0x0000000073D30000-0x00000000744E0000-memory.dmp

    Filesize

    7.7MB

    Download