Extracted

• • Target

    dda9fdfc7cce385b13c96a10d8634417

  • Size

    1.2MB

  • MD5

    dda9fdfc7cce385b13c96a10d8634417

  • SHA1

    45ac86dfe9f66937d06229840ae40543bb917a47

  • SHA256

    876e5e9bbaf937b3dbcdaf019eee4e2b492ed2cfa47c3e264467ac9c97c052f1

  • SHA512

    3a1fb982a79fe34cf0fedc2600ebe7f796fd0606596e45ebf80d14e2890b06f306969acb69a4374e5ac883e92d58953fe16828d8a00ddfa756eb518b42eece20

  • SSDEEP

    24576:NSVCwS8BA69IxW5iPOdN6Jufj/SPpLv0r9zND5d+53FH4K:NSwa15iPEK2KBM9zNV453F/

  Score

  10^/10

  44caliberspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2