44caliber | Insidious[.]exe | Triage

Sharing

General

Target

Insidious.exe
Size

303KB
MD5

35cdf56ee1f012a2f44a0812c2a56105
SHA1

bf3475fa2d1709a731e87c02427ff4c0f04e1448
SHA256

7a5f3666857fbcb8e1118d1a4366614c8c38d57bd2b8c699c0ab4ab2a89d390c
SHA512

121694ad85f7ff5ba3c2f14382c3f5d339f3ffdc4de1c62fde3801a1e20d59735387c376c28acd14f6821e6bd28835f77e697c83653839d6977760ef220198e7
SSDEEP

6144:GfcT6MDdbICydeBO0wkGV6/dJLRF6LmA1D0WFX:GfKkkGV6jLDw1DzX

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1244019870862020659/tVxVfR9TpY0IyzuyrjO17JbdHh2NjTS8KiM8KzKmHrEAjcnkS2I3rTkkVdlqcBGrIYFZ

Signatures

44caliber family
44caliber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Insidious.exe

Files

Insidious.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\absol\Desktop\44CALIBER-main\44CALIBER\obj\Debug\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ