44caliber | 09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06

Sharing

Copy URL

Twitter E-mail

General

Target

09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06
Size

274KB
MD5

15e2a8fb387c0d282a42769bf706302a
SHA1

a3e079ec5d06a3a9b93c1f72c39ca0c83b17710d
SHA256

09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06
SHA512

5fa9dd312f22d9ac36ee8b29fcb77bf8621ed3cb95496a4c6ff91437efa25cde672794ccc3f19c26a40988de17fb04798f77fb867a0b4f3822cfe3b71ae83653
SSDEEP

6144:Cf+BLtABPDsJJfbdrJwiU0xoZZafTyMlI1D0qY/:NJXqiU0xoRh1Da/

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1160315256816554056/hlmTbenc8kZjs5SjhnARiVDXgoYJyFGIFGn6fTzvVyQv0AD0YdC5k0StuqiH0Q3QAxBA

Signatures

44caliber family
44caliber

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_Binary_References_Browsers

Detects executables Discord URL observed in first stage droppers 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Detects executables referencing Discord tokens regular expressions 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_Discord_Regex

Detects executables referencing credit card regular expressions 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_CC_Regex

Detects executables referencing many VPN software clients. Observed in infosteslers 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_VPN

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06

Files

09ea3bf729f8c7d94be749b3c40de16b5795cf015e971164bb49168841917e06
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\MSI\Desktop\stuler\44CALIBER-main\44CALIBER\obj\Release\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 272KB - Virtual size: 271KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 272KB - Virtual size: 271KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B