General

  • Target

    3f8c834a6f95f5128aa4c916bbb51afcfe7d1c6e79e93b9c750862fbacf8d657

  • Size

    3.4MB

  • Sample

    240627-zqacnazgkh

  • MD5

    5c48167b9b7f4ca64ec8ffc3dac52f4f

  • SHA1

    798c3b6432e0a6c7ca3565847f2ae6132ce273e2

  • SHA256

    3f8c834a6f95f5128aa4c916bbb51afcfe7d1c6e79e93b9c750862fbacf8d657

  • SHA512

    41d9dfe7e15f372e271b87bb1c28a16af7259d5dd76fe9e1d936de8ef34200504afb4a505d6c96722fc2c29c6a032fa81f094ae1969d13f4f55bdcf8ed2faace

  • SSDEEP

    98304:U3GZi+althnATSq/Mr0E6QpT3WF/zYpDLGf8xV3XVV4l94e/YjW:U3G0+althATSCil3acME/6L/T

Score
10/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1250616070168121415/5zPJF3YAMfzIYMNhBy0XbjWdMsVRmd5PNYzbuTK55XQkKeKyHmQ5hnEfKgffl6GKC84q

Targets

    • Target

      3f8c834a6f95f5128aa4c916bbb51afcfe7d1c6e79e93b9c750862fbacf8d657

    • Size

      3.4MB

    • MD5

      5c48167b9b7f4ca64ec8ffc3dac52f4f

    • SHA1

      798c3b6432e0a6c7ca3565847f2ae6132ce273e2

    • SHA256

      3f8c834a6f95f5128aa4c916bbb51afcfe7d1c6e79e93b9c750862fbacf8d657

    • SHA512

      41d9dfe7e15f372e271b87bb1c28a16af7259d5dd76fe9e1d936de8ef34200504afb4a505d6c96722fc2c29c6a032fa81f094ae1969d13f4f55bdcf8ed2faace

    • SSDEEP

      98304:U3GZi+althnATSq/Mr0E6QpT3WF/zYpDLGf8xV3XVV4l94e/YjW:U3G0+althATSCil3acME/6L/T

    Score
    10/10
    • 44Caliber

      An open source infostealer written in C#.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables referencing a Discord URL observed in first-stage droppers

    • Detects executables packed with ConfuserEx Mod

    • Detects executables referencing Discord tokens regular expressions

    • Detects executables referencing credit card regular expressions

    • Detects executables referencing many VPN software clients. Observed in infostealers

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL
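
    The extracted C2 above is a Discord webhook, and the signature list flags the sample for referencing a Discord URL. The helper below is an added example for triaging such samples; it is not part of this report or of the 44Caliber code base. It pulls webhook URLs out of raw bytes, scanning both plain ASCII and UTF-16LE runs (a C# stealer keeps its literals in the .NET #US heap as UTF-16LE, so an ASCII-only strings pass can miss them), and decodes the webhook ID as a Discord snowflake to recover when the webhook was created, which is useful for pivoting and timelining. The host/API-version variants accepted by the regex and the 50-100 character token length are assumptions; SAMPLE_BLOB is a constructed stand-in for the file, carrying only the webhook URL from this report.

```python
"""Triage helper: extract Discord webhook C2 URLs from a sample and date them.

Added example, not code from the report or from 44Caliber. The regex shape
(ptb./canary. hosts, /vN/ prefix, token length) is an assumption.
"""
import re
import sys
from datetime import datetime, timezone

# Discord snowflakes carry milliseconds since 2015-01-01T00:00:00Z in bits 22..63.
DISCORD_EPOCH_MS = 1_420_070_400_000

# https://discord.com/api/webhooks/<snowflake id>/<token>
WEBHOOK_RE = re.compile(
    rb"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/(?:v\d+/)?"
    rb"webhooks/(\d{17,20})/([A-Za-z0-9_-]{50,100})"
)

# Runs of printable UTF-16LE characters, as stored in a .NET assembly's #US heap.
UTF16LE_RUN_RE = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")

# Constructed stand-in for the sample's bytes: the report's webhook URL embedded
# once as ASCII and once as UTF-16LE between junk. Not the real file contents.
REPORT_WEBHOOK = (
    "https://discord.com/api/webhooks/1250616070168121415/"
    "5zPJF3YAMfzIYMNhBy0XbjWdMsVRmd5PNYzbuTK55XQkKeKyHmQ5hnEfKgffl6GKC84q"
)
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + REPORT_WEBHOOK.encode("ascii") + b"\x00" * 8
    + REPORT_WEBHOOK.encode("utf-16-le") + b"\xff\xfe" * 4
)


def snowflake_to_datetime(snowflake):
    """Recover the creation time embedded in a Discord snowflake ID."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def _candidate_views(data):
    """Yield (encoding, ascii_bytes) views: the raw buffer plus every UTF-16LE run."""
    yield "ascii", data
    for run in UTF16LE_RUN_RE.finditer(data):
        # Every matched code unit is printable ASCII, so this re-encode cannot fail.
        yield "utf16le", run.group(0).decode("utf-16-le").encode("ascii")


def find_webhooks(data):
    """Return one dict per distinct (id, token, encoding) webhook hit in data."""
    hits, seen = [], set()
    for encoding, view in _candidate_views(data):
        for m in WEBHOOK_RE.finditer(view):
            wid, token = m.group(1).decode(), m.group(2).decode()
            key = (wid, token, encoding)
            if key in seen:
                continue
            seen.add(key)
            hits.append({
                "webhook_id": wid,
                "token": token,
                "encoding": encoding,
                "created_utc": snowflake_to_datetime(wid),
                "url": m.group(0).decode(),
            })
    return hits


if __name__ == "__main__":
    # Usage: python webhook_triage.py <sample>   (falls back to the constructed blob)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    for h in find_webhooks(data):
        print(f"[{h['encoding']}] webhook {h['webhook_id']} "
              f"created {h['created_utc']:%Y-%m-%d %H:%M:%SZ}")
```

    The creation time only dates the webhook, not the sample; for this report it falls about two weeks before the sample ID's 240627 date, which is consistent with an operator setting up exfiltration shortly before building. The token is the full credential for posting to the webhook, so treat any hit as sensitive and report it for takedown rather than probing it.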

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks