44caliber | Loader[.]exe | Triage

Resubmissions

26-06-2024 10:20

240626-mc9jdasfmr 10

26-06-2024 10:17

240626-mbemlssepl 10

Sharing

General

Target

Loader.exe
Size

304KB
MD5

f896c2bfec649637e85c463e3a70b2a6
SHA1

04d65945a3b79ee5b48a7e7e22fd24c8198fe332
SHA256

d4917f32cf3755b07badf1179d6717d4f17618cb68184f0dda48f4a4bbb45376
SHA512

0fed9a755f93198e795aac73aff0e17478cd51ffb9c19f80fdfdaf53374b32e2016bf83f0415f253b6f76e736cb36fad5269021d73972749c3d3d84206c6ebe0
SSDEEP

6144:bFcT6MDdbICydeBvtCikGW9mhL8PzeVAOe044E:bFK1CikGemQHOeGE

Score

10^/10

44caliber blackguard

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1255437795820966010/0VVoLF2QZxnBkoGw_P4ovEIbuHZLKgsoVU8zu2nEJgchI5ahmWwv98_frx1Jjvk7GNic

Signatures

44caliber family
44caliber
Blackguard family
blackguard
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Loader.exe

Files

Loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\isim\Desktop\44CALIBER-MODIFED-main\44CALIBER-MODIFED-main\44CALIBER\obj\Debug\Loader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ