44caliber | PWN[.]AC[.]rar | Triage

Sharing

General

Target

PWN.AC.rar
Size

152KB
MD5

dab29b7a3fcb3807ee1632b9ad8263d4
SHA1

6ed3b85e8c5d6967b8170ed58c47accf2cc4ab8f
SHA256

8286320ef9512e12cd838e2e3e051704d62d522742659afbb3ca19f8c444a04d
SHA512

859173841b0f38939cbeb65dbcb77363cea9136211b9223e9138564b0aa84e98288f8fa6015420c3abb0be4a0f5e0d6a0313d428c47334bcff3044276df6e16e
SSDEEP

3072:wfKQHq9E5zXl5RZ7DeJlI5zKl1fk3Aw91OGjkAOHbB73gF:5QHYSR7Z7DAlINKl1fkww9lFyN3w

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1215310807202799627/6HZ5IcWVou3y3RCr0gjeX5IP6YAHlSQA7mqRUnFxpGoxTLuwlGoDnHwKUfc_nm07jkPK

Signatures

44caliber family
44caliber
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/PWN.AC/PWN.exe

Files

PWN.AC.rar
.rar
PWN.AC/PWN.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Chezee\Desktop\44CALIBER-main\44CALIBER\obj\Debug\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PWN.AC/Прочитай.txt