44caliber | Loader[.]exe | Triage

Sharing

General

Target

Loader.exe
Size

274KB
MD5

aa53f781ad5a200f415893c0da7396aa
SHA1

bba01d4263629a7830081ea7f2b5fd1bf7e324e5
SHA256

55b6defb5567076e025333cf20026653b1aaec699a5403b0f8f8cd167df3d5f9
SHA512

935a56faf5549d9467caba32ba797d3000f4edb5eade40f298de61a223dd2b542e7f3cad5c9916223c90632ac8628f9cc3046b02b3b9944b703067b7e05cee56
SSDEEP

6144:cf+BLtABPDMZZzIlzcwKUfmuO/9iXrEtdyIOe0dfx:7ZOnKUfmuO2oOeox

Score

10^/10

44caliber blackguard

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1255468679362252871/AGwJ4HWq8HAstPJqHecN5XV6T9315TewkpWEdTuW8h93j721tZYBI8dhwOpsQP2k0PuH

Signatures

44caliber family
44caliber
Blackguard family
blackguard

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\isim\Desktop\44CALIBER-MODIFED-main\44CALIBER-MODIFED-main\44CALIBER\obj\Release\Loader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ