Overview

overview

10

Static

static

3

d879f98415...af.exe

windows7-x64

10

d879f98415...af.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d879f98415c5091a66206c2c8938b6af

  • Size

    1.2MB

  • Sample

    240320-lmbjnadf86

  • MD5

    d879f98415c5091a66206c2c8938b6af

  • SHA1

    52e521e9e81ffc0bdd8125b90fdf9e4b42af91f2

  • SHA256

    17a63474761694df195922553ceed1733b9c5c940e6ef44a560fa5022a330931

  • SHA512

    fe23f5da35e1a245f3e5a31fcc8d38948ff3c4b127f3e8369545e01d849a8c6ef87803a7c929d35722050074e5e7ecd4f15f3e0ceac2880988595c09db88c0a9

  • SSDEEP

    24576:0p6QlVvkMxKht99iIp/puHMWZnaXnxN99uKq5tAVZnY0rUvVDDa:W6cBkM0riWpuHM2aXxnIBPU8h

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/869534850812637194/fQ9SG1wbGT8eouo6vEUs5wADugNDHDhRWKq5RBk6gLjlDi9xEUaR3leD9AhGscQ-u377

Targets

    • Target

      d879f98415c5091a66206c2c8938b6af

    • Size

      1.2MB

    • MD5

      d879f98415c5091a66206c2c8938b6af

    • SHA1

      52e521e9e81ffc0bdd8125b90fdf9e4b42af91f2

    • SHA256

      17a63474761694df195922553ceed1733b9c5c940e6ef44a560fa5022a330931

    • SHA512

      fe23f5da35e1a245f3e5a31fcc8d38948ff3c4b127f3e8369545e01d849a8c6ef87803a7c929d35722050074e5e7ecd4f15f3e0ceac2880988595c09db88c0a9

    • SSDEEP

      24576:0p6QlVvkMxKht99iIp/puHMWZnaXnxN99uKq5tAVZnY0rUvVDDa:W6cBkM0riWpuHM2aXxnIBPU8h

    Score
    10/10
    44caliberspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks