44caliber

General

Target

Insidious.exe
Size

303KB
Sample

240620-petxta1cnk
MD5

edda50b770fce0dc088f1441f79d5e32
SHA1

4fd5d8c6b9689e2208bec77c5e664e636ab0acfa
SHA256

c299a7b28254577fe16224670a8a30bb8b3fb40423c8e3c44f2b7e4a15ec9ddb
SHA512

384be5d82f55f243ccbc8cdd219138ce9b77d615fb3eb7eb00497a0094aacbd1ea590f041457dd6790e0daf30ec7ac09ce032349d401f4706348ca423060ed07
SSDEEP

6144:FlFT6MDdbICydeBjy5i25C9nb/n6+mA1D0csI:Flz+5i25anbf51DoI

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1253318521178554430/zySBpAEalZ7s-Wf1Maut3o0LsaJjPWJRDMPKHSH6hL7hLtsJPM4goQk5nY-hbCoViGht

Targets

- Target
  
  Insidious.exe
- Size
  
  303KB
- MD5
  
  edda50b770fce0dc088f1441f79d5e32
- SHA1
  
  4fd5d8c6b9689e2208bec77c5e664e636ab0acfa
- SHA256
  
  c299a7b28254577fe16224670a8a30bb8b3fb40423c8e3c44f2b7e4a15ec9ddb
- SHA512
  
  384be5d82f55f243ccbc8cdd219138ce9b77d615fb3eb7eb00497a0094aacbd1ea590f041457dd6790e0daf30ec7ac09ce032349d401f4706348ca423060ed07
- SSDEEP
  
  6144:FlFT6MDdbICydeBjy5i25C9nb/n6+mA1D0csI:Flz+5i25anbf51DoI
Score

10^/10

44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2