Extracted

• • Target

    28805.jpg

  • Size

    318KB

  • MD5

    98292d50d2c53d6f735614e1b0b80536

  • SHA1

    8e21b801a7164dc99256d4cb910f36d3e81dc4e2

  • SHA256

    778e98a63909d17422bbb09478811d51acc4e790d29f91415b5c23865ce17a57

  • SHA512

    8d56037ed6b41d779c88e504d47bcbe67fe24dec3b318a45b7888f49bfd12780456d45cc7af60eefa6849ce4f89c783dee009eaf04e97d08de6c0ca199234aa0

  • SSDEEP

    6144:YUP06JN/MtcvKnlzxMhAHb2sqe6sgTUQkPzNd6xyJvDDZFpWC:Y2067o4Kdxj2e6s0jk5d6x0DtrX

  Score

  10^/10

  44caliberblackguardpersistencespywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • BlackGuard

    Infostealer first seen in Late 2021.

    stealerblackguard

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1