44caliber

General

Target

Solara-main.zip
Size

401KB
Sample

240630-pyvy8a1enk
MD5

033b6b9d8a597b10cf18cd4afa9507c7
SHA1

555842f13061dff86306d1b79f47c0327c7628b4
SHA256

16cca0f0005d05175568adc4d1927ccf9a1775f51a67bf0e28e38df042d205d2
SHA512

5fbc045439fa100056554fef3141b1d85088318819021918ec0416fceb144f06fac3ffcdaea8dbe5d84ac7c5e71ebbfa722631b7045cdb7d705d693ae92634fb
SSDEEP

12288:iDfC0Y74SD9BsAJ7gib3aPcNYmn9nr+YRmMuyxgyL:TUSPNbKPcNYmn9nUyx/L

Score

10^/10

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1169713279464120370/GUIw2wEmQMllUHEfRf3MNeS3DBNrZN-RuTQ9QbFfAqIZNVHtIlkj1yiD5QqgrIlv8gQi

Targets

- Target
  
  Solara-main.zip
- Size
  
  401KB
- MD5
  
  033b6b9d8a597b10cf18cd4afa9507c7
- SHA1
  
  555842f13061dff86306d1b79f47c0327c7628b4
- SHA256
  
  16cca0f0005d05175568adc4d1927ccf9a1775f51a67bf0e28e38df042d205d2
- SHA512
  
  5fbc045439fa100056554fef3141b1d85088318819021918ec0416fceb144f06fac3ffcdaea8dbe5d84ac7c5e71ebbfa722631b7045cdb7d705d693ae92634fb
- SSDEEP
  
  12288:iDfC0Y74SD9BsAJ7gib3aPcNYmn9nr+YRmMuyxgyL:TUSPNbKPcNYmn9nUyx/L
Score

1^/10
behavioral1
- Target
  
  Solara-main/README.md
- Size
  
  1KB
- MD5
  
  99610e3f26a12cde98862aedd945ec84
- SHA1
  
  e10a549c9ae6414744ca9336a390eb62fb7f79b1
- SHA256
  
  072856d085b8184cd4df7e53ec4d74df81c3ee4b31435f52d13b2d23ae0ddc40
- SHA512
  
  a1d84b2b74bae2b18287d19b1c3965420d53d3f76fba5308e3a29f090b5ce8215e4ec6b1ed9cdec94cb38f77d05972d4b7936109b09852af957223d4cb949e37
Score

3^/10
behavioral2
- Target
  
  Solara-main/Solara.zip
- Size
  
  400KB
- MD5
  
  20804935c8018d330c47fa7acde89358
- SHA1
  
  7e79e69996cf54bf3da5807e37805db03d23f34e
- SHA256
  
  65dcaf8699e4d8d8aaa1c177fc49bfe4ff69ad4fd3891d61f68c5239e217cb14
- SHA512
  
  7c7cf8a3e6d90376a1a958c57527750c5a04d6d27c90397aac458898a34601a36c5f345afeabaa72f0ece7f3701ac729b68b5bd9f93252552feb4a1f092fc398
- SSDEEP
  
  12288:/3IY0Y/4SF9rsCJmLagibphNFc6V9pr+YJGIYKxgDc:/3NAS3mL2b/rV9pUKxGc
Score

1^/10
behavioral3
- Target
  
  Solara/SolaraB/SolaraBootstrapper.exe
- Size
  
  826KB
- MD5
  
  886d05ab350457e2ddde2f569dc0668a
- SHA1
  
  3448ca0ce7b2f279694f8a360348c0ade71b9322
- SHA256
  
  286b6d3aa77caa78854b3648d96d80a1f207d7b94fb54103b44600a6f72839b5
- SHA512
  
  31186e5e079389f820a026843340468cf183c31ee18d60537d48e83b4ecb08b86f2e1b41012b4fa25ebbbd33a4fbc833986815e71010b74df3e04fdaf49d7962
- SSDEEP
  
  12288:gCQjgAtAHM+vetZxF5EWry8AJGy03eJxZM6gMkIhS:g5ZWs+OZVEWry8AFL06gGS
Score

10^/10

44caliber evasion spyware stealer themida trojan
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral4