Overview

overview

10

Static

static

3

dda9fdfc7c...17.exe

windows7-x64

10

dda9fdfc7c...17.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dda9fdfc7cce385b13c96a10d8634417

  • Size

    1.2MB

  • Sample

    240325-lbm4baca53

  • MD5

    dda9fdfc7cce385b13c96a10d8634417

  • SHA1

    45ac86dfe9f66937d06229840ae40543bb917a47

  • SHA256

    876e5e9bbaf937b3dbcdaf019eee4e2b492ed2cfa47c3e264467ac9c97c052f1

  • SHA512

    3a1fb982a79fe34cf0fedc2600ebe7f796fd0606596e45ebf80d14e2890b06f306969acb69a4374e5ac883e92d58953fe16828d8a00ddfa756eb518b42eece20

  • SSDEEP

    24576:NSVCwS8BA69IxW5iPOdN6Jufj/SPpLv0r9zND5d+53FH4K:NSwa15iPEK2KBM9zNV453F/

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/859014405580783637/J-rOLcLQORAp4rSIpre0H46Lhmzd8QK1hgRFNA4mqYSEz6dtJRq9HsK-id725NgqZTvK

Targets

    • Target

      dda9fdfc7cce385b13c96a10d8634417

    • Size

      1.2MB

    • MD5

      dda9fdfc7cce385b13c96a10d8634417

    • SHA1

      45ac86dfe9f66937d06229840ae40543bb917a47

    • SHA256

      876e5e9bbaf937b3dbcdaf019eee4e2b492ed2cfa47c3e264467ac9c97c052f1

    • SHA512

      3a1fb982a79fe34cf0fedc2600ebe7f796fd0606596e45ebf80d14e2890b06f306969acb69a4374e5ac883e92d58953fe16828d8a00ddfa756eb518b42eece20

    • SSDEEP

      24576:NSVCwS8BA69IxW5iPOdN6Jufj/SPpLv0r9zND5d+53FH4K:NSwa15iPEK2KBM9zNV453F/

    Score
    10/10
    44caliberspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks