44caliber

General

Target

af48cbe6bc2be0d4fdbc89f9a6b89f06
Size

1.2MB
Sample

240229-x4es7aab3z
MD5

af48cbe6bc2be0d4fdbc89f9a6b89f06
SHA1

d05426cdeae28903bac323656fb91ea2b5bfa56f
SHA256

01f415da08ef6afa3a98e884ae3224d2f9c18bf629ce31f464ed8873b7d618f5
SHA512

f912183fa13c38a6e71a180cc66b6b0897d894faac9858c231c3474e73eb58366bbb0cb881ce0d9038fa5a7066cfa185ecfea289b717e90755d6901b954356d2
SSDEEP

24576:4WFyaqH/njZbno7e2RIymxTWk1DzW8fK4OrkFI+XljVy:43ak/nR1YIymxCk1RQkFNXf

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/854455368012136470/_D98IufglZBza7HIm00b7IU7WVWr1ueKrUUmmqdfsFcgk7qacR9lRK_A2S3k1Vq4Yupc

Targets

- Target
  
  af48cbe6bc2be0d4fdbc89f9a6b89f06
- Size
  
  1.2MB
- MD5
  
  af48cbe6bc2be0d4fdbc89f9a6b89f06
- SHA1
  
  d05426cdeae28903bac323656fb91ea2b5bfa56f
- SHA256
  
  01f415da08ef6afa3a98e884ae3224d2f9c18bf629ce31f464ed8873b7d618f5
- SHA512
  
  f912183fa13c38a6e71a180cc66b6b0897d894faac9858c231c3474e73eb58366bbb0cb881ce0d9038fa5a7066cfa185ecfea289b717e90755d6901b954356d2
- SSDEEP
  
  24576:4WFyaqH/njZbno7e2RIymxTWk1DzW8fK4OrkFI+XljVy:43ak/nR1YIymxCk1RQkFNXf
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2