44caliber | a15c3b6773fa9d8db715f8c557c76c95e8f84db0fa5046ed7a01589bfdc778b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

fd2f11c311...18.exe

windows7-x64

fd2f11c311...18.exe

windows10-2004-x64

Sharing

General

Target

fd2f11c31192e8efe0eb4b37d1a5e1b6_JaffaCakes118
Size

9.5MB
Sample

240420-vaycbsch78
MD5

fd2f11c31192e8efe0eb4b37d1a5e1b6
SHA1

48b2610a347ae04cd61cd33100715ca5476e1951
SHA256

a15c3b6773fa9d8db715f8c557c76c95e8f84db0fa5046ed7a01589bfdc778b5
SHA512

39a5e38dfb04b462e167462e78fe9cf018215cd8e9fcc7e1cf67e6ea93f99176af49995ed9c987899f140fe32faeda6757a2e814944b899454e771f183b04afa
SSDEEP

196608:0FSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm:0FS+Bkc0+Fe6dmracMR7

Score

10^/10

44caliber xmrig discovery evasion miner spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fd2f11c31192e8efe0eb4b37d1a5e1b6_JaffaCakes118.exe

Resource

win7-20240221-en

44caliber xmrig evasion miner spyware stealer

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd2f11c31192e8efe0eb4b37d1a5e1b6_JaffaCakes118.exe

Resource

win10v2004-20240412-en

44caliber xmrig discovery evasion miner spyware stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/868513655556292688/7ViWQKXofSCTi8VWoHEcGeQK61RUEBYfnsE72cu6TJnpHYwlgzbrVI5gQn_jpfUMFoS5

Targets

- Target
  
  fd2f11c31192e8efe0eb4b37d1a5e1b6_JaffaCakes118
- Size
  
  9.5MB
- MD5
  
  fd2f11c31192e8efe0eb4b37d1a5e1b6
- SHA1
  
  48b2610a347ae04cd61cd33100715ca5476e1951
- SHA256
  
  a15c3b6773fa9d8db715f8c557c76c95e8f84db0fa5046ed7a01589bfdc778b5
- SHA512
  
  39a5e38dfb04b462e167462e78fe9cf018215cd8e9fcc7e1cf67e6ea93f99176af49995ed9c987899f140fe32faeda6757a2e814944b899454e771f183b04afa
- SSDEEP
  
  196608:0FSJAB+ZcpS+S6SrGTsD2dmmhGlkrwPgZS7rjsn6P44Nm:0FS+Bkc0+Fe6dmracMR7
Score

10^/10

44caliber xmrig evasion miner spyware stealer discovery
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

File and Directory Permissions Modification

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

44caliberxmrigevasionminerspywarestealer

behavioral2

44caliberxmrigdiscoveryevasionminerspywarestealer

© 2018-2024

Terms | Privacy