44caliber | a8f8537dd994c6405a155144f0ea72f66f95e0beb94c64ace5dcede4e405e3d6

Sharing

Copy URL

Twitter E-mail

General

Target

a8f8537dd994c6405a155144f0ea72f66f95e0beb94c64ace5dcede4e405e3d6
Size

274KB
MD5

0f62fa73ab2574ad652247b0d0c1d53b
SHA1

9755b759767a62ee6f0d188fc0713b7d9f4da6c2
SHA256

a8f8537dd994c6405a155144f0ea72f66f95e0beb94c64ace5dcede4e405e3d6
SHA512

ba726cac73b9c5a491ba74cb61731d90da54ee9d709d6f08ea9bde41f5bd4cb6013de4e1e068df7ea29b12a9bb6d2dbb0cef2585057722f4260faf0cfe34d698
SSDEEP

6144:cf+BLtABPDLgj1xw1eO5rbMMzhgUsYqTXGR1afTyElI1D0uwX:n161eO5rbHHsYqTXG9p1D2X

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1220750955448893500/rzVzB_J0mIM7yMj5hlY1HnUJ8dpAQ8Q15SDx6jq9JhiYRJikDTjetvA86KDH-S-q1sWM

Signatures

44caliber family
44caliber

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Detects executables referencing Discord tokens regular expressions 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Discord_Regex

Detects executables referencing credit card regular expressions 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_CC_Regex

Detects executables referencing many VPN software clients. Observed in infosteslers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_VPN

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8f8537dd994c6405a155144f0ea72f66f95e0beb94c64ace5dcede4e405e3d6

Files

a8f8537dd994c6405a155144f0ea72f66f95e0beb94c64ace5dcede4e405e3d6
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\user\Desktop\44\44CALIBER-main\44CALIBER\obj\Release\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 272KB - Virtual size: 271KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 272KB - Virtual size: 271KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B