44caliber

Resubmissions

08-02-2024 19:42

240208-ye7cksbg28 10

08-02-2024 19:33

240208-x9kavshh6s 10

Sharing

Copy URL

Twitter E-mail

General

Target

Korepi.rar
Size

22.4MB
Sample

240208-ye7cksbg28
MD5

ecb834d94edbee6f13e0851fa6caf1f4
SHA1

3212af8c23e6c19ef53b6b7d711397676b508e26
SHA256

3343644e85fc33f8cd3b97e0f7275053f1c272932379c61b3c0d3c620a23a4ee
SHA512

12e31a8d653f68c5b4af69b9f20622923fd1f28ea414e5dcdc2be373f5a4fcc860f01fafee3b11dca018568c3f602ad1d484c3c19c050ef5348d1c0bb6091254
SSDEEP

393216:daXr/gp4rHPuszFA5Hj/9/gp4rWcQQtwvxPCsWQQs/uszDq2Z/SE/Mb4KZnJsQwJ:di/gp6HHijV/gp6WVQGhW3stzZREb4Qq

Score

10^/10

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1204820036871651418/CUplXl5h8mK8wayRD4L98BI20GJlZ7pUqazPKIFG3k71PQZAQLEztS-LsGq873wkB2Tf

Targets

- Target
  
  Korepi/Korepi.exe
- Size
  
  274KB
- MD5
  
  efa2b41e3fad6f9748f69cee22300fd8
- SHA1
  
  9989d14b2b6876f53969ca4346109fd377013a71
- SHA256
  
  f8caf6d4c0c782dc6f40399a72286412dba50c081c38efee96417910516e0123
- SHA512
  
  2bca7353443a8e771abdd71780545f08e20d9231161802a7d838860f6149c07bf912142cf2c2def98439ee3d8904c65fb7f0a2f229dcf73575270062c3f60ec6
- SSDEEP
  
  6144:Af+BLtABPDLgj1xw1eO5rbMMzhgUsYqTXGRFafTyElI1D05KJ:r161eO5rbHHsYqTXGtp1DDJ
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  Korepi/d3dcompiler_47.dll
- Size
  
  3.9MB
- MD5
  
  ab3be0c427c6e405fad496db1545bd61
- SHA1
  
  76012f31db8618624bc8b563698b2669365e49cb
- SHA256
  
  827d12e4ed62520b663078bbf26f95dfd106526e66048cf75b5c9612b2fb7ce6
- SHA512
  
  d1dc2ec77c770c5da99e688d799f88b1e585f8dcf63e6876e237fe7fce6e23b528e6a5ef94ffc68283c60ae4e465ff19d3fd6f2fae5de4504b5479d68cbc4dba
- SSDEEP
  
  98304:q4Xyn7IfxiYMzgom1mEU/AJC/vujMD9rM:809om1hU/Aavu4D9rM
Score

3^/10
behavioral2
- Target
  
  Korepi/dll/ffmpeg.dll
- Size
  
  2.4MB
- MD5
  
  c921230b4bbe802f0d797db79d0009b9
- SHA1
  
  dd852ce1f82b2daadfb85efa9c53e3264e1d401e
- SHA256
  
  02a6d001e6dd944738e09b720e49dcb1272cb782b870e5ae319d4600bc192225
- SHA512
  
  6acdda7d638609ffa1989e50dde5a51436ae3d98e036b24ffc2c3f08bc0d39e91a5a2ea427063645f3141f06e7c272ca45fd41333d6770f8402651489a0f6da7
- SSDEEP
  
  49152:u/LIKmZb04F/xKbOhyoWKuVWaMhGoEIoqc8:u0vZjgqhyoW9v178
Score

1^/10
behavioral3
- Target
  
  Korepi/dll/libEGL.dll
- Size
  
  375KB
- MD5
  
  51cc9f3891cfe33e095f901c8e5f121d
- SHA1
  
  03ac95d250969e65a3ede7a29c3e5425ccdd9fe1
- SHA256
  
  961aff31cab097ebb973a32140c4f87c415734412771cf1fdfe24ddc675b54c2
- SHA512
  
  3351898af8c75afa8df3f300416bc9d40f4ead90ea947876140ec54a015fafd149427a9dfb5b7c8239ae229839edd786561a5a73ffe37f29758946fd18730039
- SSDEEP
  
  6144:5tp6qTYU1a4FPLg8Z166+6FKkHmIMTPSZMP:pvTnRm8Z161WGXPSZ
Score

1^/10
behavioral4
- Target
  
  Korepi/dll/libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  fb74e837a2ebbf59afeb09106644a9ab
- SHA1
  
  55225fcc692aa332f698960c3dc1140d791d1fa1
- SHA256
  
  e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a
- SHA512
  
  585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f
- SSDEEP
  
  196608:2NtQrp20oWAyqiq9RcMDBtC3rS4+4aJs4t:2NtQrp2uAypq0MDBtg1EJ
Score

3^/10
behavioral5
- Target
  
  Korepi/dll/vk_swiftshader.dll
- Size
  
  4.3MB
- MD5
  
  ad00a712203b9dfb702d886e43d215e6
- SHA1
  
  1921d4d14b5ac0a669f69cd852a41eba8377a434
- SHA256
  
  01742049534047b956328b9a0ca57f720e957edb684a6a0d70acc992e2b684fc
- SHA512
  
  f4672dce073c940fe3b9f9687fc9a195b5d0a6e51bb92c91047775be244ce95a2c743947eb05299d77cb3c8b914821984bb98182bc9afdc35e3963148f5562e0
- SSDEEP
  
  49152:TRFxCyzWuNtr3nQAqKktwjcXBQkHTTZjbryATFeYkScdII2HM2lbpTFk6dwkIIq/:TR+rwY1V2iy0SpGOjECAetx80J
Score

3^/10
behavioral6
- Target
  
  Korepi/dll/vulkan-1.dll
- Size
  
  774KB
- MD5
  
  c5292c08876926143ef404b3e638c314
- SHA1
  
  aa4917507da1bd71d0671c449af9e2e081295c90
- SHA256
  
  84c7f070e59f3b0bce2d32d4f2e6c7e03fb5d30f82a99c4edd8a251c9a3c0e74
- SHA512
  
  9e4d8f89de130d20ac7fcc34e3e8914320bed5d0ca61156a80a8d9bc66882e6f6a19012106e949ecda8e515203a605ad56e19ec0d4c0f73cfbab5f40c5746763
- SSDEEP
  
  12288:4UohdHyFed5rdrIlAj9HuibYc+0lNRcHVrkxhHnOs:4UoqAd5rdM6pOTc+kNR2kxVH
Score

3^/10
behavioral7
- Target
  
  Korepi/ffmpeg.dll
- Size
  
  2.4MB
- MD5
  
  c921230b4bbe802f0d797db79d0009b9
- SHA1
  
  dd852ce1f82b2daadfb85efa9c53e3264e1d401e
- SHA256
  
  02a6d001e6dd944738e09b720e49dcb1272cb782b870e5ae319d4600bc192225
- SHA512
  
  6acdda7d638609ffa1989e50dde5a51436ae3d98e036b24ffc2c3f08bc0d39e91a5a2ea427063645f3141f06e7c272ca45fd41333d6770f8402651489a0f6da7
- SSDEEP
  
  49152:u/LIKmZb04F/xKbOhyoWKuVWaMhGoEIoqc8:u0vZjgqhyoW9v178
Score

1^/10
behavioral8
- Target
  
  Korepi/libEGL.dll
- Size
  
  375KB
- MD5
  
  51cc9f3891cfe33e095f901c8e5f121d
- SHA1
  
  03ac95d250969e65a3ede7a29c3e5425ccdd9fe1
- SHA256
  
  961aff31cab097ebb973a32140c4f87c415734412771cf1fdfe24ddc675b54c2
- SHA512
  
  3351898af8c75afa8df3f300416bc9d40f4ead90ea947876140ec54a015fafd149427a9dfb5b7c8239ae229839edd786561a5a73ffe37f29758946fd18730039
- SSDEEP
  
  6144:5tp6qTYU1a4FPLg8Z166+6FKkHmIMTPSZMP:pvTnRm8Z161WGXPSZ
Score

1^/10
behavioral9
- Target
  
  Korepi/libGLESv2.dll
- Size
  
  6.4MB
- MD5
  
  fb74e837a2ebbf59afeb09106644a9ab
- SHA1
  
  55225fcc692aa332f698960c3dc1140d791d1fa1
- SHA256
  
  e6ab5fc601d0d230c989d2f481b37c259a0a1fffb7fb841b7099a5e966f0088a
- SHA512
  
  585e464de076d6d2560288fe9430004430effb0599134bfb30fabb7bad3cdccff9458d21d17f580823a308cd6472f36d1f1ce6a04e568ba6dcca2e68fd39d63f
- SSDEEP
  
  196608:2NtQrp20oWAyqiq9RcMDBtC3rS4+4aJs4t:2NtQrp2uAypq0MDBtg1EJ
Score

3^/10
behavioral10
- Target
  
  Korepi/vgrl.dll
- Size
  
  3.4MB
- MD5
  
  15620a9f1936c028377523116e657b82
- SHA1
  
  be2d28d85af3c0e98884b6874f4668d361caf7c4
- SHA256
  
  786499d901e9b4f7d5f5d00847fd09ee6ddfebe7ef824c53b49e569a670d6e28
- SHA512
  
  1ae0c54dd997aeb9d95a5f78be98ebf66a022545ec6e61422fd8c754030ffec0485aabf3ffa7b9ca9feb7c6f638cde94c7335d56a17d9eb9fea2c179f2326f9a
- SSDEEP
  
  98304:LKdCMlrcK9LLB9h9qVh8jhYY5BFtvhxijrvGPSo:mdLlrfdh9qVhk5BFv8r+PN
Score

1^/10
behavioral11
- Target
  
  Korepi/vivoxsdk.dll
- Size
  
  10.6MB
- MD5
  
  49c587d64530b5a31b246c791643abe5
- SHA1
  
  fb5afe2fe639f7b9d05d36b258c64fe20b1d1f19
- SHA256
  
  6f6b8cdf286f7f1aec5245834fb8a8afcd6f9c764a6988b1b738df828fea2c89
- SHA512
  
  90775234fa17f192445bde2b106e7ba7158ddc6e000400b9cb1fd0b095a2210e97d17b15d9ca398062d51eeac820536492da993172aa40d32306aa4aafe86666
- SSDEEP
  
  196608:ETXSBFCzbnyZnn5QiIfAnXYmgLyGR6FuvFaEWmys2LRVfrgt4fKIo4McwOJI/:ErSBwzbnyZTeAnIlLyZGP2TTgXIoHrx/
Score

1^/10
behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12