44caliber | 9a3116e6c3d151a200859719980ee4cf2487217562312757b754774d266ca5b8 | Triage

Submit
Reports

Overview

overview

Static

static

3

b590138675...22.exe

windows7-x64

b590138675...22.exe

windows10-2004-x64

Sharing

General

Target

b590138675ad5aa75e4753edfebab622
Size

1.4MB
Sample

240305-yy1zxahb72
MD5

b590138675ad5aa75e4753edfebab622
SHA1

124eec668e6dc1bd1e4908089f5c874fd1a45937
SHA256

9a3116e6c3d151a200859719980ee4cf2487217562312757b754774d266ca5b8
SHA512

3f038e7dd129da5a2842abf7d37969e82ed9d30e89d611e8ca1f5b86098f4a8e6ae719826cabc43641bd5bd6cb047ad967ce8ae293f760755f64f5cae9370b9d
SSDEEP

24576:4vNIdb2DCPejfNy2Xp5nJdyEgBvKyNCkOxTsVTIAq2G4vXuQU5v8vJHLZRFe7JFf:8Nwb2uWJy2Xp5J4hRzNDaYIGGIXuQ8Q4

Score

10^/10

44caliber spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b590138675ad5aa75e4753edfebab622.exe

Resource

win7-20240221-en

44caliber spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b590138675ad5aa75e4753edfebab622.exe

Resource

win10v2004-20240226-en

44caliber spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/873463242905755648/toN0X9zZYgcbFlkZ7jCqLk4I_sGhgsbHl5HJ9jgcfMn_Sw0HRHJneP9bBZz01msNSKLJ

Targets

- Target
  
  b590138675ad5aa75e4753edfebab622
- Size
  
  1.4MB
- MD5
  
  b590138675ad5aa75e4753edfebab622
- SHA1
  
  124eec668e6dc1bd1e4908089f5c874fd1a45937
- SHA256
  
  9a3116e6c3d151a200859719980ee4cf2487217562312757b754774d266ca5b8
- SHA512
  
  3f038e7dd129da5a2842abf7d37969e82ed9d30e89d611e8ca1f5b86098f4a8e6ae719826cabc43641bd5bd6cb047ad967ce8ae293f760755f64f5cae9370b9d
- SSDEEP
  
  24576:4vNIdb2DCPejfNy2Xp5nJdyEgBvKyNCkOxTsVTIAq2G4vXuQU5v8vJHLZRFe7JFf:8Nwb2uWJy2Xp5J4hRzNDaYIGGIXuQ8Q4
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer

© 2018-2024

Terms | Privacy