Extracted

• • Target

    New Project 1.exe

  • Size

    4.9MB

  • MD5

    eace0ed3521967a36f02f3408a76689d

  • SHA1

    54210340f93b45b7bd0eff93da29151a5e846174

  • SHA256

    a2d773d335de672b8b525f26483081ef86bdfbb524afdf3dab5922e66d864e96

  • SHA512

    9646a69340e263150fc05519576fdc4d07ef51cf05f974dfd4f94b866e896255ee469207b6181b976d253a2497a753439c1ec639897dbe7c0fb89674eaba6448

  • SSDEEP

    98304:w409oEFvy98NF/4uhbfc7DdGnTYrhMiAV4i2BWWH:i/FayNFQKU7qstyKnJ

  Score

  10^/10

  44caliberspywarestealerpersistence

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Modifies WinLogon for persistence

    persistence

  • Downloads MZ/PE file

  • Modifies AppInit DLL entries

    persistence

  • Modifies Installed Components in the registry

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2