General

  • Target

    bb0a44e79b092106f1f55f80f5a5554c

  • Size

    320KB

  • Sample

    240308-ml72xacg95

  • MD5

    bb0a44e79b092106f1f55f80f5a5554c

  • SHA1

    63025a44274e6d89e95ed9c5cb79f8c3a371528b

  • SHA256

    17a5e7c0ddc39e588648b9e84e2a4c6ee8243558a6bacc3eceedb8c57ae13e04

  • SHA512

    12f82d46c5ac7a78742bc539018461d4699fd2297cf4adbf00d47d57452f2d013aab03644ec35398c66a5607a4ee1839c4287311947699bd92e3581af45fa0e3

  • SSDEEP

    6144:tKAWzXyGLOeQS1+O8+Z6drfcF0NaanahA0z0CPI4O7c5l:tdWzXyGLOeb846djcFQEZOo

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/873206223183433798/33HU-Ko_-yJdLbMSPdpbWYalHeLEd56rzBIo2fa7IV1r_T7BoM0H46slF9msGWiznz2K

Targets

    • Target

      bb0a44e79b092106f1f55f80f5a5554c

    • 44Caliber

      An open-source infostealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks