44caliber | 448967b377216a712b478014c50cd629c0206d2dd92ab9c0dae06a7664a5319e | Triage

Submit
Reports

Overview

overview

Static

static

1

77b51b8a44...18.exe

windows7-x64

77b51b8a44...18.exe

windows10-2004-x64

Sharing

General

Target

77b51b8a444051c06b2c3ab6c8007918_JaffaCakes118
Size

584KB
Sample

240401-xh4v7ach22
MD5

77b51b8a444051c06b2c3ab6c8007918
SHA1

b30f9b6c953fcda79d55a6b543b06cd74fede024
SHA256

448967b377216a712b478014c50cd629c0206d2dd92ab9c0dae06a7664a5319e
SHA512

07942e91af9dc7b08095af6da7c2adb918f68901605db55bed10acc6f336db9860390fd57e99231dbbce7b6ec694651689e4fdf996d80f69649822c5a0662981
SSDEEP

12288:EzxzTDWikLSb4NS7ET+tG1XIOwfeunRAa3iZKl7LaXckptdq:CDWHSb4NhuO3cRAaSZKl7ZkptU

Score

10^/10

44caliber spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

77b51b8a444051c06b2c3ab6c8007918_JaffaCakes118.exe

Resource

win7-20240221-en

44caliber spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

77b51b8a444051c06b2c3ab6c8007918_JaffaCakes118.exe

Resource

win10v2004-20240226-en

44caliber spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/898882176861499423/G8KdTLkgIFoIqay3cr06uUQESE6aJK-HhfEEQTfxaofinc_qsYiGOih8kKR3fXHbXjKJ

Targets

- Target
  
  77b51b8a444051c06b2c3ab6c8007918_JaffaCakes118
- Size
  
  584KB
- MD5
  
  77b51b8a444051c06b2c3ab6c8007918
- SHA1
  
  b30f9b6c953fcda79d55a6b543b06cd74fede024
- SHA256
  
  448967b377216a712b478014c50cd629c0206d2dd92ab9c0dae06a7664a5319e
- SHA512
  
  07942e91af9dc7b08095af6da7c2adb918f68901605db55bed10acc6f336db9860390fd57e99231dbbce7b6ec694651689e4fdf996d80f69649822c5a0662981
- SSDEEP
  
  12288:EzxzTDWikLSb4NS7ET+tG1XIOwfeunRAa3iZKl7LaXckptdq:CDWHSb4NhuO3cRAaSZKl7ZkptU
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer

© 2018-2024

Terms | Privacy