General
-
Target
006d8441e7fced79d603807b0581f171_JaffaCakes118
-
Size
801KB
-
Sample
240622-asp4fsxhqa
-
MD5
006d8441e7fced79d603807b0581f171
-
SHA1
a14aca213e51b7e78d31f89724a183099d8a72ba
-
SHA256
694175c88d632f08a6ad09a9be03aac4a82432cc5c3cc0e3e3dfdd7f360af651
-
SHA512
5907b4f4b92b80c10e19cea4e6d837605b4630517eecd6cb1a2eb37eaab5356315368813fe3fa56a1bb7b1c6855c088e6d3c4a2a8786b03bf3c598bd4a49a1f6
-
SSDEEP
12288:75l3YBlSA8NlmWzFJ74xQUlQDI/LftxL4/MF4o0pUi6iKH0F0ZCqtl1RB0Ce2y:7n5lmWzFJ74xQUlQDI/znEVxKUGJtFSR
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/810239957884600360/6U33lkHJ7xVaXUnK4MdVL0Cl2jQOZSItumW0MlC9caow-63YRupBuBGsE5KGDmJgIIFC
Targets
-
-
Target
006d8441e7fced79d603807b0581f171_JaffaCakes118
-
Size
801KB
-
MD5
006d8441e7fced79d603807b0581f171
-
SHA1
a14aca213e51b7e78d31f89724a183099d8a72ba
-
SHA256
694175c88d632f08a6ad09a9be03aac4a82432cc5c3cc0e3e3dfdd7f360af651
-
SHA512
5907b4f4b92b80c10e19cea4e6d837605b4630517eecd6cb1a2eb37eaab5356315368813fe3fa56a1bb7b1c6855c088e6d3c4a2a8786b03bf3c598bd4a49a1f6
-
SSDEEP
12288:75l3YBlSA8NlmWzFJ74xQUlQDI/LftxL4/MF4o0pUi6iKH0F0ZCqtl1RB0Ce2y:7n5lmWzFJ74xQUlQDI/znEVxKUGJtFSR
Score10/10-
44Caliber
An open source infostealer written in C#.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-