General

  • Target

    d006975785908bd891378c66553267cb89746e95a6728d877941e6f25c94f3ae

  • Size

    303KB

  • MD5

    c763e936df8e54ad67dbfa4b3bd3c0bc

  • SHA1

    beaaa7a141823c64fb245f19ac3c2251fef900d1

  • SHA256

    d006975785908bd891378c66553267cb89746e95a6728d877941e6f25c94f3ae

  • SHA512

    4eafdd8a3f3f8041d51ea1019a1695f46781c5d47be7d1142a043c4cf9531a07343583f1c148db9277341a82aa1380bf2df2c866382ee8b9bfef611f0c78c5c1

  • SSDEEP

    6144:iBcT6MDdbICydeBP0+KUmylpnY6rmA1D0RWE:iBKM+KUmapY41DbE

Score
10/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1226160357496721500/M8J7D5k1hO1RyahDiTtwdkk4Fvbpx4urcIZZllG8IAXSc4eGIg2m6G4UbF_cjPMvvv0D

Signatures

  • 44caliber family
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables containing a Discord URL observed in first-stage droppers 1 IoCs
  • Detects executables referencing Discord token regular expressions 1 IoCs
  • Detects executables referencing credit card regular expressions 1 IoCs
  • Detects executables referencing many VPN software clients. Observed in infostealers 1 IoCs
  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • d006975785908bd891378c66553267cb89746e95a6728d877941e6f25c94f3ae
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
