44caliber

General

Target

09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06
Size

274KB
Sample

240421-w564dshd8t
MD5

15e2a8fb387c0d282a42769bf706302a
SHA1

a3e079ec5d06a3a9b93c1f72c39ca0c83b17710d
SHA256

09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06
SHA512

5fa9dd312f22d9ac36ee8b29fcb77bf8621ed3cb95496a4c6ff91437efa25cde672794ccc3f19c26a40988de17fb04798f77fb867a0b4f3822cfe3b71ae83653
SSDEEP

6144:Cf+BLtABPDsJJfbdrJwiU0xoZZafTyMlI1D0qY/:NJXqiU0xoRh1Da/

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1160315256816554056/hlmTbenc8kZjs5SjhnARiVDXgoYJyFGIFGn6fTzvVyQv0AD0YdC5k0StuqiH0Q3QAxBA

Targets

- Target
  
  09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06
- Size
  
  274KB
- MD5
  
  15e2a8fb387c0d282a42769bf706302a
- SHA1
  
  a3e079ec5d06a3a9b93c1f72c39ca0c83b17710d
- SHA256
  
  09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06
- SHA512
  
  5fa9dd312f22d9ac36ee8b29fcb77bf8621ed3cb95496a4c6ff91437efa25cde672794ccc3f19c26a40988de17fb04798f77fb867a0b4f3822cfe3b71ae83653
- SSDEEP
  
  6144:Cf+BLtABPDsJJfbdrJwiU0xoZZafTyMlI1D0qY/:NJXqiU0xoRh1Da/
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables Discord URL observed in first stage droppers
- Detects executables referencing Discord tokens regular expressions
- Detects executables referencing credit card regular expressions
- Detects executables referencing many VPN software clients. Observed in infosteslers
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2