Extracted

• • Target

    d879f98415c5091a66206c2c8938b6af

  • Size

    1.2MB

  • MD5

    d879f98415c5091a66206c2c8938b6af

  • SHA1

    52e521e9e81ffc0bdd8125b90fdf9e4b42af91f2

  • SHA256

    17a63474761694df195922553ceed1733b9c5c940e6ef44a560fa5022a330931

  • SHA512

    fe23f5da35e1a245f3e5a31fcc8d38948ff3c4b127f3e8369545e01d849a8c6ef87803a7c929d35722050074e5e7ecd4f15f3e0ceac2880988595c09db88c0a9

  • SSDEEP

    24576:0p6QlVvkMxKht99iIp/puHMWZnaXnxN99uKq5tAVZnY0rUvVDDa:W6cBkM0riWpuHM2aXxnIBPU8h

  Score

  10^/10

  44caliberspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2