Extracted

• • Target

    006d8441e7fced79d603807b0581f171_JaffaCakes118

  • Size

    801KB

  • MD5

    006d8441e7fced79d603807b0581f171

  • SHA1

    a14aca213e51b7e78d31f89724a183099d8a72ba

  • SHA256

    694175c88d632f08a6ad09a9be03aac4a82432cc5c3cc0e3e3dfdd7f360af651

  • SHA512

    5907b4f4b92b80c10e19cea4e6d837605b4630517eecd6cb1a2eb37eaab5356315368813fe3fa56a1bb7b1c6855c088e6d3c4a2a8786b03bf3c598bd4a49a1f6

  • SSDEEP

    12288:75l3YBlSA8NlmWzFJ74xQUlQDI/LftxL4/MF4o0pUi6iKH0F0ZCqtl1RB0Ce2y:7n5lmWzFJ74xQUlQDI/znEVxKUGJtFSR

  Score

  10^/10

  44caliberpersistencespywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2