General
Target: 3f8c834a6f95f5128aa4c916bbb51afcfe7d1c6e79e93b9c750862fbacf8d657
Size: 3.4MB
Sample: 240627-zqacnazgkh
MD5: 5c48167b9b7f4ca64ec8ffc3dac52f4f
SHA1: 798c3b6432e0a6c7ca3565847f2ae6132ce273e2
SHA256: 3f8c834a6f95f5128aa4c916bbb51afcfe7d1c6e79e93b9c750862fbacf8d657
SHA512: 41d9dfe7e15f372e271b87bb1c28a16af7259d5dd76fe9e1d936de8ef34200504afb4a505d6c96722fc2c29c6a032fa81f094ae1969d13f4f55bdcf8ed2faace
SSDEEP: 98304:U3GZi+althnATSq/Mr0E6QpT3WF/zYpDLGf8xV3XVV4l94e/YjW:U3G0+althATSCil3acME/6L/T

Static task: static1
Behavioral task: behavioral1
Sample: 3f8c834a6f95f5128aa4c916bbb51afcfe7d1c6e79e93b9c750862fbacf8d657.exe
Resource: win7-20240221-en

Malware Config
Extracted
Family: 44caliber
C2: https://discord.com/api/webhooks/1250616070168121415/5zPJF3YAMfzIYMNhBy0XbjWdMsVRmd5PNYzbuTK55XQkKeKyHmQ5hnEfKgffl6GKC84q
Targets
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables referencing a Discord URL observed in first stage droppers.
- Detects executables packed with ConfuserEx Mod.
- Detects executables referencing Discord token regular expressions.
- Detects executables referencing credit card regular expressions.
- Detects executables referencing many VPN software clients. Observed in information stealers.
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL