Overview

overview

10

Static

static

10

PWN.AC/PWN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PWN.AC.rar

  • Size

    152KB

  • Sample

    240623-3dy22a1ejl

  • MD5

    dab29b7a3fcb3807ee1632b9ad8263d4

  • SHA1

    6ed3b85e8c5d6967b8170ed58c47accf2cc4ab8f

  • SHA256

    8286320ef9512e12cd838e2e3e051704d62d522742659afbb3ca19f8c444a04d

  • SHA512

    859173841b0f38939cbeb65dbcb77363cea9136211b9223e9138564b0aa84e98288f8fa6015420c3abb0be4a0f5e0d6a0313d428c47334bcff3044276df6e16e

  • SSDEEP

    3072:wfKQHq9E5zXl5RZ7DeJlI5zKl1fk3Aw91OGjkAOHbB73gF:5QHYSR7Z7DAlINKl1fkww9lFyN3w

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1215310807202799627/6HZ5IcWVou3y3RCr0gjeX5IP6YAHlSQA7mqRUnFxpGoxTLuwlGoDnHwKUfc_nm07jkPK

Targets

    • Target

      PWN.AC/PWN.exe

    • Size

      407KB

    • MD5

      8a6e04cab1aea1c66325afbc422cd361

    • SHA1

      3ad3b8d7a22767bdeb042c8668b563f9090ed1ab

    • SHA256

      aa6c9986b5a8e300b60ef090c5f5506760c5d013721b4670376f09e6005a1479

    • SHA512

      cd00a32c9946b8fe57ddd4800df185648fde6bb0eb042696c7f2af97a4092ef5ba6aa54469bf71f789ffb90e281746590ed3b58fed1c1eb3c2933f72e1660949

    • SSDEEP

      6144:jXt3T6MDdbICydeBimcmXKhJUP+6rmA1D0fhRc:jXttpcmXKnUWQ1DqRc

    Score
    10/10
    44caliberspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks