44caliber | bce20f47da6456aa5e8ad6a47bef1e56b06efdac90e206d72edf3818e7c28bc9 | Triage

Submit
Reports

Overview

overview

Static

static

Dupe V4.42.exe

windows7-x64

Dupe V4.42.exe

windows10-2004-x64

Sharing

General

Target

Dupe V4.42.exe
Size

274KB
Sample

240224-14wngsgd9t
MD5

e69695656727b24faa0cce67b8a5a1fe
SHA1

b71ca6b4f9f35bfd551ebf8d09255e4c8b13cc13
SHA256

bce20f47da6456aa5e8ad6a47bef1e56b06efdac90e206d72edf3818e7c28bc9
SHA512

7ddd3bc8229ffa318b1e6a1a8b19e11d8c1088dfd4c07fccf84d1e39501c562e2adb28fd02fac257f2c5f5b25412c151c4c168dac038f55f7e1a693fd2977c66
SSDEEP

6144:wf+BLtABPDsth6Ej/UZkI4TjkRy5xafTyUlI1D0bft:DtK+I4TjkRyZZ1DQt

Score

10^/10

44caliber spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Dupe V4.42.exe

Resource

win7-20240220-en

44caliber spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Dupe V4.42.exe

Resource

win10v2004-20240221-en

44caliber spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1206974551552958464/exNVrcQItQDQp5Vif4AyKwrQX7lXQIl06vDpIAqDtX0OwImj8IH-5I460UrzegqRF6l4

Targets

- Target
  
  Dupe V4.42.exe
- Size
  
  274KB
- MD5
  
  e69695656727b24faa0cce67b8a5a1fe
- SHA1
  
  b71ca6b4f9f35bfd551ebf8d09255e4c8b13cc13
- SHA256
  
  bce20f47da6456aa5e8ad6a47bef1e56b06efdac90e206d72edf3818e7c28bc9
- SHA512
  
  7ddd3bc8229ffa318b1e6a1a8b19e11d8c1088dfd4c07fccf84d1e39501c562e2adb28fd02fac257f2c5f5b25412c151c4c168dac038f55f7e1a693fd2977c66
- SSDEEP
  
  6144:wf+BLtABPDsth6Ej/UZkI4TjkRy5xafTyUlI1D0bft:DtK+I4TjkRyZZ1DQt
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer

© 2018-2024

Terms | Privacy