44caliber

General

Target

Insidious.exe
Size

303KB
Sample

240221-na66xaeh57
MD5

cd1ac5775cfc183e6ebfb9397f4ae3c7
SHA1

8937b324e8c47f3b858d6e56c3705a96d5cf5d40
SHA256

9b7e5212ceb95912f0776f8bd48eac1b1098e9807e8f27291a3ffdd592c4e974
SHA512

d26c95bb9ccad0b1b3195e23dfc5b9e8cfeba458c0605ddefae3d807545b024a09d70aeb6d6f0c9d04472124b0ff7f28744ca534f107be2a72c0ab4366826c78
SSDEEP

6144:YjFT6MDdbICydeB0iG54G4S+ZoHi63mA1D0LGC:YjzQ54G4SuoCU1DBC

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1209815343875235840/T1sUleC88lxasrU1EpgCYPjJI1NBPf57Wdr3z0H9p3gJmNIVwOVbhzTSCb3qRBCKKNRj

Targets

- Target
  
  Insidious.exe
- Size
  
  303KB
- MD5
  
  cd1ac5775cfc183e6ebfb9397f4ae3c7
- SHA1
  
  8937b324e8c47f3b858d6e56c3705a96d5cf5d40
- SHA256
  
  9b7e5212ceb95912f0776f8bd48eac1b1098e9807e8f27291a3ffdd592c4e974
- SHA512
  
  d26c95bb9ccad0b1b3195e23dfc5b9e8cfeba458c0605ddefae3d807545b024a09d70aeb6d6f0c9d04472124b0ff7f28744ca534f107be2a72c0ab4366826c78
- SSDEEP
  
  6144:YjFT6MDdbICydeB0iG54G4S+ZoHi63mA1D0LGC:YjzQ54G4SuoCU1DBC
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2