Overview

overview

10

Static

static

10

ad163810f3...04.exe

windows7-x64

10

ad163810f3...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad163810f30beced498a9a1a318feace07c079aba853f34684d2e1c9a796ab04

  • Size

    281KB

  • Sample

    240413-a3e18sbh2x

  • MD5

    c2a957c32ba544e18bdce5c89b31e4ec

  • SHA1

    4ffea92024bfa254b6cde85f9b3bc203d1c268fb

  • SHA256

    ad163810f30beced498a9a1a318feace07c079aba853f34684d2e1c9a796ab04

  • SHA512

    97b080498fca48a287f15cbae0a12042f865f839af67d29c51459ef685eb25f49ce089424be1886ab7c7e5f5cf922770e80f2874f12c9aaeff63b749ec612827

  • SSDEEP

    3072:idHdrST3duBTeYNq83VpxQinpsXfuAfAQcUC+bqAHd84sHjhIrdlfGm23hI/KQ7L:cs3duBaYNqhWQGWqAHS4sHjKZxE

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1227237091100856442/BrQxsxv7iOW1INure2NRj8h9j_kNz4zTZWTlu2pl8X31A4tO36IWEoyPoqQ6KOZ7S1qy

Targets

    • Target

      ad163810f30beced498a9a1a318feace07c079aba853f34684d2e1c9a796ab04

    • Size

      281KB

    • MD5

      c2a957c32ba544e18bdce5c89b31e4ec

    • SHA1

      4ffea92024bfa254b6cde85f9b3bc203d1c268fb

    • SHA256

      ad163810f30beced498a9a1a318feace07c079aba853f34684d2e1c9a796ab04

    • SHA512

      97b080498fca48a287f15cbae0a12042f865f839af67d29c51459ef685eb25f49ce089424be1886ab7c7e5f5cf922770e80f2874f12c9aaeff63b749ec612827

    • SSDEEP

      3072:idHdrST3duBTeYNq83VpxQinpsXfuAfAQcUC+bqAHd84sHjhIrdlfGm23hI/KQ7L:cs3duBaYNqhWQGWqAHS4sHjKZxE

    Score
    10/10
    44caliberspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables Discord URL observed in first stage droppers

    • Detects executables referencing Discord tokens regular expressions

    • Detects executables referencing credit card regular expressions

    • Detects executables referencing many VPN software clients. Observed in infosteslers

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks