44caliber | c0659d1d06570476094065f6c0c0311f9245396bf9be92b8f6ea5279839576b5 | Triage

Sharing

General

Target

e4c3f4417160312aa250e48270aaeb1a_JaffaCakes118
Size

1.2MB
Sample

240407-m4fqdabb9w
MD5

e4c3f4417160312aa250e48270aaeb1a
SHA1

761176124100512dcb5da7464d92817a47ba43e7
SHA256

c0659d1d06570476094065f6c0c0311f9245396bf9be92b8f6ea5279839576b5
SHA512

616a2c6aadad3537e82b5cb34c851c60c4984222a3aae07d75f37eec14aa89121c3c2828b6a0ae1ced0b9c44d59d22bc83445e2eaf866943ff45f863f18c4567
SSDEEP

24576:5gfatobwIGwSzHuxzwncFBbe8ik3hPdlGrTtMFQgaxuek515EaD2:I+o7gSzwcFBbe85X+qQnKIaD2

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/854313898911596545/vf42nHbpYOtpVdWXayUdaNtSd5X-l0f9HNHclQ0yL0cLNKWaJXCXzLpHEcwmDefY0mBf

Targets

- Target
  
  e4c3f4417160312aa250e48270aaeb1a_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  e4c3f4417160312aa250e48270aaeb1a
- SHA1
  
  761176124100512dcb5da7464d92817a47ba43e7
- SHA256
  
  c0659d1d06570476094065f6c0c0311f9245396bf9be92b8f6ea5279839576b5
- SHA512
  
  616a2c6aadad3537e82b5cb34c851c60c4984222a3aae07d75f37eec14aa89121c3c2828b6a0ae1ced0b9c44d59d22bc83445e2eaf866943ff45f863f18c4567
- SSDEEP
  
  24576:5gfatobwIGwSzHuxzwncFBbe8ik3hPdlGrTtMFQgaxuek515EaD2:I+o7gSzwcFBbe85X+qQnKIaD2
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberspywarestealer

behavioral2

44caliberspywarestealer