Overview

overview

10

Static

static

10

leet-cheat...mp.exe

windows7-x64

10

leet-cheat...mp.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-05-2024 18:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    leet-cheats-freeware.vmp.exe

  • Size

    6.9MB

  • MD5

    98396064f2a7683dcc23ba2dbdaac347

  • SHA1

    09d6c4ca59e59265b17d448e5e0c5887171f03e0

  • SHA256

    2dcfd9b32402fa9b0899100d5707b28552dc9d932548230af3aed4e2ae3c7bca

  • SHA512

    5b634afa4720a11e7e5fa5c2c7fb8a1b421f94fb116d252c7c27b74bfc16eb6a3353f47ab94bab77d4fa79a49570a8a770a4ba0372408be6ef9af8f131a7ffed

  • SSDEEP

    196608:D+Hi7E7LsX2GHY282Nhg5f4X6JiqO5ftIEDaajLeaK/mQ:aH74mGHQ2NmV4qJDO5ftYH/mQ

Score
10/10
44caliberspywarestealerupx

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1239998001162883183/Prdtl-xV5N5KoPdJjFyeakzF-tcDlNNdpgQa5_WSJhD6azfB04Gi-4sCmpkCOwJ_5MMR

Signatures

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\leet-cheats-freeware.vmp.exe
    "C:\Users\Admin\AppData\Local\Temp\leet-cheats-freeware.vmp.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Users\Admin\AppData\Local\Temp\2323.exe
      "C:\Users\Admin\AppData\Local\Temp\2323.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 852 -s 1188
        3⤵
          PID:2524
      • C:\Users\Admin\AppData\Local\Temp\leet-cheats.exe
        "C:\Users\Admin\AppData\Local\Temp\leet-cheats.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2936
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://unicore.cloud/drama
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2368
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:240
        • C:\Users\Admin\AppData\Local\Temp\loader.data
          "loader.data"
          3⤵
          • Executes dropped EXE
          PID:2428

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Unsecured Credentials

    2
    T1552

    Credentials In Files

    2
    T1552.001

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Data from Local System

    2
    T1005

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      753b6da9288d65decb611a77d7b86b30

      SHA1

      11770d53ab07972c55ae0ec8394898ddcb2e8da9

      SHA256

      14b43fb273643e8ce2ce4444b3de52913a5b41da879702da526b1e4b7becf163

      SHA512

      fd76989cc669eb882aba4f0fced0858f0848f2092bd4970f2caf7252f3d42f892fdecd3096ac256ab4eb729c6722665a8edc52b7862cdae2df32bf7287f421c8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3d67f89eb7216f5a0d0ba471d628608c

      SHA1

      db18f59fd8fc33a1996342f0a1f793bc93ebc233

      SHA256

      4d2cc4a9ba8bd8ee98ae7ba1025d4169526a8554c5e32c43eb9b6e877f7c3f14

      SHA512

      c814563a083837946895756779b36420e27af3df7409d3b8ecfb9a54c511c5b2965f0a24909ea99d0b2e68bd7b4c9aa30f42510d991865be2d5e0f7ceb56615d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de713c8d33643b9ebc0a180169123358

      SHA1

      a85834f9bd01be5e052afacfd7a673bd974ee7c0

      SHA256

      cb28c3bc79ef10fe8af1ab060312058e48ae771f982826be774e2369406e0a87

      SHA512

      c2b2d2b5d55904f228fa364d2491541b43dfe8820c372ef5a8d943d3ae1216e7184e130c1d83d285b0ec88884873e9bffda828ce01ebd1ef12a2166b831b59a8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cc0591b79568178f1dc8673c73627f3e

      SHA1

      5b97cc720df3906ff820e1d620fc5ff075dfd445

      SHA256

      d9421450bab7402c7a2aae095c385ee1504b57dbbb0752dc957df6a1264d0c78

      SHA512

      0db7473be4dc3801afdc9b141cd13226bccd38bdfeced90c62f5006d284ece9bf9f5875219aef27b0d5d788878a6d03cf883fb098565b6661d1dca63fedb5425

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      796e0fad6f48f513b2fabd51fbaad269

      SHA1

      8d4d9585518a0a3bda9c02e270e2af3a7567975f

      SHA256

      5c7f66911650f8bc38f4e305260e29ecb49c702e50fd520c3650573ee8af9e76

      SHA512

      e7e2620c01883628123b674f16dd83071c0852541149a2f67a5737d05e8560f7a5b398afac4de46cfeb521465f94cd3accbbb1f81c74e3e477ec910a41810be5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      836c3c6d3f9296f8c88f4cc1fbaef6d9

      SHA1

      2beb505483e12f480d153e0fa67e6683a78a983f

      SHA256

      9411309f326a86550b76e4498e58746814b0fbe37134916ec1a8a98b11de9d61

      SHA512

      65ffd1e1262065304517079ce041fb399f4877f03401424fb700aab44212719a85f7b959e521a5ab3835397816b7de0467ad41680ade08fef6cf3f8f733078b0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3efa30648d456d5af13fb978e2d58550

      SHA1

      e7fb37ae290f9612a66c6d1b81d1e2410c16760a

      SHA256

      fa316bf5d1e1dd419aa6d4ddf82a73d39c1199136a67d7520d05be4630198d61

      SHA512

      c39d6b1e14fcc1604dfad7c138b50088175cfc790dba54583dc2499a3b2f4d25c958ebb0ad30558143bf6e3fa4a1ac4e3941640bcebae219662cf28d63330daf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6bc625119a198846846eb2667d985467

      SHA1

      52b02645e01850197a6d6fabb71e646db25ebc7e

      SHA256

      54ed64e6c67b16081e773f08470f80be953f35c190f584581f73ff6e9d19d906

      SHA512

      a32d48738ddc967381a473150c07ae5369f4d2ad6808135d815f70bd1f31511ea034bb9e9cd0be8752d924eed57620a7cc087a8e20f1a722f83812d7cb5987c7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9521516eca47844e535db843aa75b241

      SHA1

      12632307e86bdc8faeae645b3bf888ed8b6a6088

      SHA256

      bbc8ecb1f413f9a8e4b370af6f5029ffc742033fc63b6c8f57aa6984d170fe31

      SHA512

      6ef18d88cd97eda0110e7fcb61c9d4f339259ecccf88f376c69008032c05665cc0f225740f18f30123d35b7d56dc26e39e15550d339faefb0c58596118ab794d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      17b7679dbac6eaf0587063b6bfe995a0

      SHA1

      be1e5bcaa8039717e2cb676d2f2792da4b4a00a6

      SHA256

      0fa4977fd7fe116a0e66a39696cc7aae89f5515c929aa6e9b03ad639fd4eb5f7

      SHA512

      152378d465a4765a5f8b0a977044247046f3eb6d1a322810b8321f2c721b498c60e24e106c3e6d4829f22370bfdee541021af7e717ce24bf7f01df47b0604a18

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2cefe46a514a6eb9d01f2d396f37ea6a

      SHA1

      eb33f2b7c4338644a4917a4254d0e794c242da93

      SHA256

      d61adeef0d7d72ef3d0c00963d622cb668ada746ab0d80b91fca19d84502d018

      SHA512

      2ec0bef4a942b6772a2ac8d8e9463a4964864c48612116b44788461eb9c930f74bd671bcbbda0e1a6ce9564625fa46e859c73803c67af9699eab624318bed1d1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      af21173b294018d49e35f73a81a39138

      SHA1

      68cc5063c17a6b48c70121f48352dc15fb679d62

      SHA256

      1ca749439dfb097260c985274fe41cafaf34aa6dd04884ccf95ebd2051d92c65

      SHA512

      0c8b5d4c4eeb9317b977fd0bd155385fa309a5fbf0627ac6ed732681aa5c5d1313e65cf3c04f1fc5e204ab9649fe5aa377dc556dc0afff5e18f1eebc9befb17d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8e5e0118637f671d121caf04c3494544

      SHA1

      5141b45a72c7a11f930a77b3658a3126cbda6b7e

      SHA256

      8b5e4523741f06656b8805cb9be858ab2a8827656aabf944ce181035ed5b7641

      SHA512

      072ffaf4ee8f5de08674a0bd414926f553930849df9d033096b9b65c56b13527b918e6be0606f17087246b79314440eb589e06057309e1596d24d2e51ca4827f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85099132745d38b690baff31a8acb283

      SHA1

      5daac1c5b3d3f2f9f8586faa494631342df09fb9

      SHA256

      fdda20a64bc81564bbc78aab4b6ca8feb752f2b1858cbf7146d0c1afa088e4b7

      SHA512

      18a2293cfcc58483b33547b8c6c8f2dde5ec6b5955052f0ef45d4ba56dafee48433d60755921f49d898b679d495edf4ad3b7ca8a350dde9a0c406010956ccfcc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7bce26a8074dc005369c08017194ea11

      SHA1

      142701a1d18047dabcc0e99b0f2433cf38b415aa

      SHA256

      8d77f60f47dadfc3d267b257728087cd4656b10680a183ea8d1f8966d59c4936

      SHA512

      1033ebe6c8703ce254ec7d8ad0c28b68b632f5f713952ff4a8d25388669b2ff8f7796e85130f418b3c7740d879c2049a82d9e2206b402f980e3f9ea59a44c379

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      773f280f66672dd359917ab008f30266

      SHA1

      4a92b0026cf4d4e3a75e7ae591c8e8904e045a51

      SHA256

      c5aedb7d3fe316e4ff1086cb3778ada5e326a7eac020d06a7dde0b5ae406fb39

      SHA512

      19d3ed1d16bae482e91ec094d3b53d1d2d4a571235faa6427e030d2909ddcebf2976041d03eb8c014457293a1deca23c017b1feacbd4266c96cf917d4bc42276

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabDA6A.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarDE39.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\leet-cheats.exe
      Filesize

      6.6MB

      MD5

      13950d86cb3748b2a1f535eaace1a3d6

      SHA1

      9b1634057a11119ed38d1574bc2db160084cefd3

      SHA256

      10328d771df10ba9f20ff5a65046d559bdf35d36855bba0af909febaee9e53a9

      SHA512

      6ee06e0576d571f9e2fedbe904ecfab5a83b2fd8adc28d469ab08c728610eab215b8c6946feab8f4e33510978e879c66618225f23c4c3b6dff66b96147fd0964

      Download Submit
    • \Users\Admin\AppData\Local\Temp\2323.exe
      Filesize

      303KB

      MD5

      6d4d2a454bc8728f442e32c4471abdbd

      SHA1

      bfb79b63f606947623c418da921b65dd0a192b5e

      SHA256

      926a0c168b569f523cfc1c88586bfaebad3cb5c8348da3978ea27442f49a89bb

      SHA512

      ff30db6131e49f51fe9d18c2a3a3218b8b8ebfd7117dce7d9b7f8072b5eba12768e08ec723a0fd3ebd626f056b485bf7d18bd536fb0a3a8eeec88a107bdfe616

      Download Submit
    • \Users\Admin\AppData\Local\Temp\loader.data
      Filesize

      5.2MB

      MD5

      b86bbb42b26e72a601087f68cda89208

      SHA1

      baca49e35da3b83cd56ba579d61f98e9b137debe

      SHA256

      320eff01b2a5b520853cd9b0c7486b3d9992dce2f9308f267069a60f88f8deb0

      SHA512

      e98dfeb55d6053d6e2ec323f4665b4ea8cdb5bae0807ac70ac5dbb6cf7f3e8e1ba6a2ad099f8232b0e0ca9a738a9baf7d132957fb5d503c78283b229e35ed974

      Download Submit
    • memory/640-12-0x0000000000400000-0x0000000000AF1000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/852-522-0x000007FEF5BA3000-0x000007FEF5BA4000-memory.dmp
      Filesize

      4KB

      Download
    • memory/852-14-0x0000000000320000-0x0000000000372000-memory.dmp
      Filesize

      328KB

      Download
    • memory/852-7-0x000007FEF5BA3000-0x000007FEF5BA4000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2428-42-0x000000013F400000-0x000000014002A000-memory.dmp
      Filesize

      12.2MB

      Download
    • memory/2936-40-0x0000000002690000-0x00000000032BA000-memory.dmp
      Filesize

      12.2MB

      Download
    • memory/2936-35-0x000000013F4B0000-0x00000001401D3000-memory.dmp
      Filesize

      13.1MB

      Download