44caliber

Resubmissions

08-02-2024 19:42

240208-ye7cksbg28 10

08-02-2024 19:33

240208-x9kavshh6s 10

Sharing

Copy URL

Twitter E-mail

General

Target

Korepi.rar
Size

22.4MB
Sample

240208-x9kavshh6s
MD5

ecb834d94edbee6f13e0851fa6caf1f4
SHA1

3212af8c23e6c19ef53b6b7d711397676b508e26
SHA256

3343644e85fc33f8cd3b97e0f7275053f1c272932379c61b3c0d3c620a23a4ee
SHA512

12e31a8d653f68c5b4af69b9f20622923fd1f28ea414e5dcdc2be373f5a4fcc860f01fafee3b11dca018568c3f602ad1d484c3c19c050ef5348d1c0bb6091254
SSDEEP

393216:daXr/gp4rHPuszFA5Hj/9/gp4rWcQQtwvxPCsWQQs/uszDq2Z/SE/Mb4KZnJsQwJ:di/gp6HHijV/gp6WVQGhW3stzZREb4Qq

Score

10^/10

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1204820036871651418/CUplXl5h8mK8wayRD4L98BI20GJlZ7pUqazPKIFG3k71PQZAQLEztS-LsGq873wkB2Tf

Targets

- Target
  
  Korepi.rar
- Size
  
  22.4MB
- MD5
  
  ecb834d94edbee6f13e0851fa6caf1f4
- SHA1
  
  3212af8c23e6c19ef53b6b7d711397676b508e26
- SHA256
  
  3343644e85fc33f8cd3b97e0f7275053f1c272932379c61b3c0d3c620a23a4ee
- SHA512
  
  12e31a8d653f68c5b4af69b9f20622923fd1f28ea414e5dcdc2be373f5a4fcc860f01fafee3b11dca018568c3f602ad1d484c3c19c050ef5348d1c0bb6091254
- SSDEEP
  
  393216:daXr/gp4rHPuszFA5Hj/9/gp4rWcQQtwvxPCsWQQs/uszDq2Z/SE/Mb4KZnJsQwJ:di/gp6HHijV/gp6WVQGhW3stzZREb4Qq
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Korepi/Korepi.exe
- Size
  
  274KB
- MD5
  
  efa2b41e3fad6f9748f69cee22300fd8
- SHA1
  
  9989d14b2b6876f53969ca4346109fd377013a71
- SHA256
  
  f8caf6d4c0c782dc6f40399a72286412dba50c081c38efee96417910516e0123
- SHA512
  
  2bca7353443a8e771abdd71780545f08e20d9231161802a7d838860f6149c07bf912142cf2c2def98439ee3d8904c65fb7f0a2f229dcf73575270062c3f60ec6
- SSDEEP
  
  6144:Af+BLtABPDLgj1xw1eO5rbMMzhgUsYqTXGRFafTyElI1D05KJ:r161eO5rbHHsYqTXGtp1DDJ
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  Korepi/chrome_100_percent.pak
- Size
  
  126KB
- MD5
  
  d31f3439e2a3f7bee4ddd26f46a2b83f
- SHA1
  
  c5a26f86eb119ae364c5bf707bebed7e871fc214
- SHA256
  
  9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
- SHA512
  
  aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5
- SSDEEP
  
  3072:5KzwqCT4waJL2myFhPNL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:5Kzwt4LwmU3K18Gb0OV8ld0GecQ3f2
Score

3^/10
behavioral3
- Target
  
  Korepi/chrome_200_percent.pak
- Size
  
  175KB
- MD5
  
  5604b67e3f03ab2741f910a250c91137
- SHA1
  
  a4bb15ac7914c22575f1051a29c448f215fe027f
- SHA256
  
  1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
- SHA512
  
  5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d
- SSDEEP
  
  3072:+DQYaEQN6AJPRJL2myFhPNafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:+DQYaNN68RwmU0gx5GMRejnbdZnVE6YR
Score

3^/10
behavioral4
- Target
  
  Korepi/config/config.config
- Size
  
  161B
- MD5
  
  c16b0746faa39818049fe38709a82c62
- SHA1
  
  3fa322fe6ed724b1bc4fd52795428a36b7b8c131
- SHA256
  
  d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad
- SHA512
  
  cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c
Score

1^/10
behavioral5
- Target
  
  Korepi/config/resources.pdb
- Size
  
  859KB
- MD5
  
  a94625694cb03f4d65d29d03d81a26d9
- SHA1
  
  d64d366da9e9f9c6ea9227b67f48c078e1b860f0
- SHA256
  
  e7e2f44e3eecd370607270bf468c863730a59f9a476a76092019d7457d2970ed
- SHA512
  
  8bf9456d2c0e145da6a4de3e325f176b47076d7b4669583eefa0435ed0180975be67d106524f75105a9f864e2fffc9a8b3ad57ee6a93ba3c999106ea12a9387c
- SSDEEP
  
  6144:OITx2IE9/00FgHGshz1yiTWkKZ4gQWbt1NpfJXz3z0XWbVJXz3zE:nogR8o27NpfFB
Score

3^/10
behavioral6
- Target
  
  Korepi/d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  ab3be0c427c6e405fad496db1545bd61
- SHA1
  
  76012f31db8618624bc8b563698b2669365e49cb
- SHA256
  
  827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
- SHA512
  
  d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba
- SSDEEP
  
  98304:q4Xyn7IfxiYMzgom1mEU/AJC/vujMD9rM:809om1hU/Aavu4D9rM
Score

3^/10
behavioral7
- Target
  
  Korepi/d4dcompiler.config
- Size
  
  161B
- MD5
  
  c16b0746faa39818049fe38709a82c62
- SHA1
  
  3fa322fe6ed724b1bc4fd52795428a36b7b8c131
- SHA256
  
  d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad
- SHA512
  
  cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c
Score

1^/10
behavioral8
- Target
  
  Korepi/dll/ffmpeg.dll
- Size
  
  2.4MB
- MD5
  
  c921230b4bbe802f0d797db79d0009b9
- SHA1
  
  dd852ce1f82b2daadfb85efa9c53e3264e1d401e
- SHA256
  
  02a6d001e6dd944738e09b720e49dcb1272cb782b870e5ae319d4600bc192225
- SHA512
  
  6acdda7d638609ffa1989e50dde5a51436ae3d98e036b24ffc2c3f08bc0d39e91a5a2ea427063645f3141f06e7c272ca45fd41333d6770f8402651489a0f6da7
- SSDEEP
  
  49152:u/LIKmZb04F/xKbOhyoWKuVWaMhGoEIoqc8:u0vZjgqhyoW9v178
Score

1^/10
behavioral9
- Target
  
  Korepi/dll/libEGL.dll
- Size
  
  375KB
- MD5
  
  51cc9f3891cfe33e095f901c8e5f121d
- SHA1
  
  03ac95d250969e65a3ede7a29c3e5425ccdd9fe1
- SHA256
  
  961aff31cab097ebb973a32140c4f87c415734412771cf1fdfe24ddc675b54c2
- SHA512
  
  3351898af8c75afa8df3f300416bc9d40f4ead90ea947876140ec54a015fafd149427a9dfb5b7c8239ae229839edd786561a5a73ffe37f29758946fd18730039
- SSDEEP
  
  6144:5tp6qTYU1a4FPLg8Z166+6FKkHmIMTPSZMP:pvTnRm8Z161WGXPSZ
Score

1^/10
behavioral10
- Target
  
  Korepi/dll/libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  fb74e837a2ebbf59afeb09106644a9ab
- SHA1
  
  55225fcc692aa332f698960c3dc1140d791d1fa1
- SHA256
  
  e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a
- SHA512
  
  585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f
- SSDEEP
  
  196608:2NtQrp20oWAyqiq9RcMDBtC3rS4+4aJs4t:2NtQrp2uAypq0MDBtg1EJ
Score

3^/10
behavioral11
- Target
  
  Korepi/dll/vk_swiftshader.dll
- Size
  
  4.3MB
- MD5
  
  ad00a712203b9dfb702d886e43d215e6
- SHA1
  
  1921d4d14b5ac0a669f69cd852a41eba8377a434
- SHA256
  
  01742049534047b956328b9a0ca57f720e957edb684a6a0d70acc992e2b684fc
- SHA512
  
  f4672dce073c940fe3b9f9687fc9a195b5d0a6e51bb92c91047775be244ce95a2c743947eb05299d77cb3c8b914821984bb98182bc9afdc35e3963148f5562e0
- SSDEEP
  
  49152:TRFxCyzWuNtr3nQAqKktwjcXBQkHTTZjbryATFeYkScdII2HM2lbpTFk6dwkIIq/:TR+rwY1V2iy0SpGOjECAetx80J
Score

3^/10
behavioral12
- Target
  
  Korepi/dll/vk_swiftshader_icd.json
- Size
  
  106B
- MD5
  
  8642dd3a87e2de6e991fae08458e302b
- SHA1
  
  9c06735c31cec00600fd763a92f8112d085bd12a
- SHA256
  
  32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
- SHA512
  
  f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f
Score

3^/10
behavioral13
- Target
  
  Korepi/dll/vulkan-1.dll
- Size
  
  774KB
- MD5
  
  c5292c08876926143ef404b3e638c314
- SHA1
  
  aa4917507da1bd71d0671c449af9e2e081295c90
- SHA256
  
  84c7f070e59f3b0bce2d32d4f2e6c7e03fb5d30f82a99c4edd8a251c9a3c0e74
- SHA512
  
  9e4d8f89de130d20ac7fcc34e3e8914320bed5d0ca61156a80a8d9bc66882e6f6a19012106e949ecda8e515203a605ad56e19ec0d4c0f73cfbab5f40c5746763
- SSDEEP
  
  12288:4UohdHyFed5rdrIlAj9HuibYc+0lNRcHVrkxhHnOs:4UoqAd5rdM6pOTc+kNR2kxVH
Score

3^/10
behavioral14
- Target
  
  Korepi/ffmpeg.dll
- Size
  
  2.4MB
- MD5
  
  c921230b4bbe802f0d797db79d0009b9
- SHA1
  
  dd852ce1f82b2daadfb85efa9c53e3264e1d401e
- SHA256
  
  02a6d001e6dd944738e09b720e49dcb1272cb782b870e5ae319d4600bc192225
- SHA512
  
  6acdda7d638609ffa1989e50dde5a51436ae3d98e036b24ffc2c3f08bc0d39e91a5a2ea427063645f3141f06e7c272ca45fd41333d6770f8402651489a0f6da7
- SSDEEP
  
  49152:u/LIKmZb04F/xKbOhyoWKuVWaMhGoEIoqc8:u0vZjgqhyoW9v178
Score

1^/10
behavioral15
- Target
  
  Korepi/icudtl.dat
- Size
  
  10.0MB
- MD5
  
  76bef9b8bb32e1e54fe1054c97b84a10
- SHA1
  
  05dfea2a3afeda799ab01bb7fbce628cacd596f4
- SHA256
  
  97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
- SHA512
  
  7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6
- SSDEEP
  
  196608:p5zwSv9AAyse6liXUxCGZHa93Whlw6ZCXU0:pyKlysTliXUxCGZHa93Whlw6ZCX1
Score

3^/10
behavioral16
- Target
  
  Korepi/libEGL.dll
- Size
  
  375KB
- MD5
  
  51cc9f3891cfe33e095f901c8e5f121d
- SHA1
  
  03ac95d250969e65a3ede7a29c3e5425ccdd9fe1
- SHA256
  
  961aff31cab097ebb973a32140c4f87c415734412771cf1fdfe24ddc675b54c2
- SHA512
  
  3351898af8c75afa8df3f300416bc9d40f4ead90ea947876140ec54a015fafd149427a9dfb5b7c8239ae229839edd786561a5a73ffe37f29758946fd18730039
- SSDEEP
  
  6144:5tp6qTYU1a4FPLg8Z166+6FKkHmIMTPSZMP:pvTnRm8Z161WGXPSZ
Score

1^/10
behavioral17
- Target
  
  Korepi/libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  fb74e837a2ebbf59afeb09106644a9ab
- SHA1
  
  55225fcc692aa332f698960c3dc1140d791d1fa1
- SHA256
  
  e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a
- SHA512
  
  585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f
- SSDEEP
  
  196608:2NtQrp20oWAyqiq9RcMDBtC3rS4+4aJs4t:2NtQrp2uAypq0MDBtg1EJ
Score

3^/10
behavioral18
- Target
  
  Korepi/system.yaml
- Size
  
  16KB
- MD5
  
  95a33bcd75c74597962b4d3adf2620b7
- SHA1
  
  2522e73650d2105cf07f4609c3f5ca4a01504434
- SHA256
  
  8f7b7fdd740bf8d5b7c30984e76e45cbfdaa18ba9b5a1ed6d5a2287630a27da0
- SHA512
  
  7dc1fe7ca9e3a5f1d337ee8935cb5c1482fa30cd9dad722ceca229bd45963d7c27dc980c4d4543d2fcf4aafa3d77140c7600d15925c4466c8cff5f92af0a6cc5
- SSDEEP
  
  384:gaNYrjNYLhNYbnNY5qANYdINYdhNYxgNY9zNYxmQNYjwle9NYLP2pE:k
Score

3^/10
behavioral19
- Target
  
  Korepi/systemlibegl.pdb
- Size
  
  859KB
- MD5
  
  a94625694cb03f4d65d29d03d81a26d9
- SHA1
  
  d64d366da9e9f9c6ea9227b67f48c078e1b860f0
- SHA256
  
  e7e2f44e3eecd370607270bf468c863730a59f9a476a76092019d7457d2970ed
- SHA512
  
  8bf9456d2c0e145da6a4de3e325f176b47076d7b4669583eefa0435ed0180975be67d106524f75105a9f864e2fffc9a8b3ad57ee6a93ba3c999106ea12a9387c
- SSDEEP
  
  6144:OITx2IE9/00FgHGshz1yiTWkKZ4gQWbt1NpfJXz3z0XWbVJXz3zE:nogR8o27NpfFB
Score

3^/10
behavioral20
- Target
  
  Korepi/vgrl.dll
- Size
  
  3.4MB
- MD5
  
  15620a9f1936c028377523116e657b82
- SHA1
  
  be2d28d85af3c0e98884b6874f4668d361caf7c4
- SHA256
  
  786499d901e9b4f7d5f5d00847fd09ee6ddfebe7ef824c53b49e569a670d6e28
- SHA512
  
  1ae0c54dd997aeb9d95a5f78be98ebf66a022545ec6e61422fd8c754030ffec0485aabf3ffa7b9ca9feb7c6f638cde94c7335d56a17d9eb9fea2c179f2326f9a
- SSDEEP
  
  98304:LKdCMlrcK9LLB9h9qVh8jhYY5BFtvhxijrvGPSo:mdLlrfdh9qVhk5BFv8r+PN
Score

1^/10
behavioral21
- Target
  
  Korepi/vivoxsdk.dll
- Size
  
  10.6MB
- MD5
  
  49c587d64530b5a31b246c791643abe5
- SHA1
  
  fb5afe2fe639f7b9d05d36b258c64fe20b1d1f19
- SHA256
  
  6f6b8cdf286f7f1aec5245834fb8a8afcd6f9c764a6988b1b738df828fea2c89
- SHA512
  
  90775234fa17f192445bde2b106e7ba7158ddc6e000400b9cb1fd0b095a2210e97d17b15d9ca398062d51eeac820536492da993172aa40d32306aa4aafe86666
- SSDEEP
  
  196608:ETXSBFCzbnyZnn5QiIfAnXYmgLyGR6FuvFaEWmys2LRVfrgt4fKIo4McwOJI/:ErSBwzbnyZTeAnIlLyZGP2TTgXIoHrx/
Score

1^/10
behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

44Caliber

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22