Overview

overview

10

Static

static

10

Game Setup v7.21.rar

windows7-x64

3

Game Setup v7.21.rar

windows10-2004-x64

3

Language/V...64.exe

windows7-x64

4

Language/V...64.exe

windows10-2004-x64

4

Mods/VC_re...64.exe

windows7-x64

4

Mods/VC_re...64.exe

windows10-2004-x64

4

Mods/redist.x64.exe

windows7-x64

4

Mods/redist.x64.exe

windows10-2004-x64

4

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

updater.dll

windows7-x64

1

updater.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Game Setup v7.21.rar

  • Size

    67.5MB

  • Sample

    240712-1tqdqathje

  • MD5

    977651e1816c5b044a87aaaf4d62906e

  • SHA1

    141c3db21ef41cbe38fa16d22bbc42fdc9a27828

  • SHA256

    973ebcffb7706b67b56f9c1b9bae70dd5e0946da3be81273c8a1caac04b63c31

  • SHA512

    43917f821999300e416f62b231e8f726013b84e4502c564cf62a49fde3e0ca846c8dbad29300c82ed8a24bbd442d4a8f13cba1f2553fbaa6ef00d8f04a4f3c9f

  • SSDEEP

    1572864:HfCv8YfFUaYf+MzifCv8YfFUaYf+MzCfCv8YfFUaYf+MzK:HKkY9UalKkY9UahKkY9UaV

Score
10/10
44caliberdiscoveryspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1260880233582690385/u7lBtqkjz1LNC0PjQqZri3i3mPGZS7FL3A0shj3caD8BnnqHy-kpvGoX4WP18uYMS3Yh

Targets

    • Target

      Game Setup v7.21.rar

    • Size

      67.5MB

    • MD5

      977651e1816c5b044a87aaaf4d62906e

    • SHA1

      141c3db21ef41cbe38fa16d22bbc42fdc9a27828

    • SHA256

      973ebcffb7706b67b56f9c1b9bae70dd5e0946da3be81273c8a1caac04b63c31

    • SHA512

      43917f821999300e416f62b231e8f726013b84e4502c564cf62a49fde3e0ca846c8dbad29300c82ed8a24bbd442d4a8f13cba1f2553fbaa6ef00d8f04a4f3c9f

    • SSDEEP

      1572864:HfCv8YfFUaYf+MzifCv8YfFUaYf+MzCfCv8YfFUaYf+MzK:HKkY9UalKkY9UahKkY9UaV

    Score
    3/10
    behavioral1behavioral2

    • Target

      Language/VC_redist.x64.exe

    • Size

      24.2MB

    • MD5

      1d545507009cc4ec7409c1bc6e93b17b

    • SHA1

      84c61fadf8cd38016fb7632969b3ace9e54b763a

    • SHA256

      3642e3f95d50cc193e4b5a0b0ffbf7fe2c08801517758b4c8aeb7105a091208a

    • SHA512

      5935b69f5138ac3fbc33813c74da853269ba079f910936aefa95e230c6092b92f6225bffb594e5dd35ff29bf260e4b35f91adede90fdf5f062030d8666fd0104

    • SSDEEP

      786432:tSp+Ty2SfUfnbDDko5dFMYqlQbgAVLSElbmucMuZZxs6Sf:4p+Ty2SfWnHDk8FjVbfzPTq4

    Score
    4/10
    discovery
    behavioral3behavioral4

    • Target

      Mods/VC_redist.x64.exe

    • Size

      24.2MB

    • MD5

      1d545507009cc4ec7409c1bc6e93b17b

    • SHA1

      84c61fadf8cd38016fb7632969b3ace9e54b763a

    • SHA256

      3642e3f95d50cc193e4b5a0b0ffbf7fe2c08801517758b4c8aeb7105a091208a

    • SHA512

      5935b69f5138ac3fbc33813c74da853269ba079f910936aefa95e230c6092b92f6225bffb594e5dd35ff29bf260e4b35f91adede90fdf5f062030d8666fd0104

    • SSDEEP

      786432:tSp+Ty2SfUfnbDDko5dFMYqlQbgAVLSElbmucMuZZxs6Sf:4p+Ty2SfWnHDk8FjVbfzPTq4

    Score
    4/10
    discovery
    behavioral5behavioral6

    • Target

      Mods/redist.x64.exe

    • Size

      24.2MB

    • MD5

      1d545507009cc4ec7409c1bc6e93b17b

    • SHA1

      84c61fadf8cd38016fb7632969b3ace9e54b763a

    • SHA256

      3642e3f95d50cc193e4b5a0b0ffbf7fe2c08801517758b4c8aeb7105a091208a

    • SHA512

      5935b69f5138ac3fbc33813c74da853269ba079f910936aefa95e230c6092b92f6225bffb594e5dd35ff29bf260e4b35f91adede90fdf5f062030d8666fd0104

    • SSDEEP

      786432:tSp+Ty2SfUfnbDDko5dFMYqlQbgAVLSElbmucMuZZxs6Sf:4p+Ty2SfWnHDk8FjVbfzPTq4

    Score
    4/10
    discovery
    behavioral7behavioral8

    • Target

      Setup.exe

    • Size

      303KB

    • MD5

      72f66470e3d5246aff4f3c0d087000bb

    • SHA1

      4cd6b127c956afddb8970b782437ea46032f7f13

    • SHA256

      d5e0a56884a1952a28fd950adafe59d8f5fbee01fbdd168ca1fff76ec4e78b00

    • SHA512

      7f517b91eba7aee75d79a24ac538f611c088b120bb5941d2644eae11ef4bd6d9378472cccef2e295f5c568a4523e8fca4c5361aad4699843ead80acb115a5185

    • SSDEEP

      6144:FNFT6MDdbICydeBpxUKCa269TwHfg6rmA1D0Ns4:FNzIKCa2yTnQ1DN4

    Score
    10/10
    44caliberspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral10behavioral9

    • Target

      updater.dll

    • Size

      492B

    • MD5

      ab3d6db031b0d0440156ac3e3b2dd8d1

    • SHA1

      4a9447b12141032e597156398545cb33b2e4ed1d

    • SHA256

      50b3632b6cdb81c9415f48719f1931ad1de7d8890eaab9cd4d8e14fb7c9f5242

    • SHA512

      2c1ca5e75e2bfad0a7bcc4fe445b966924c0f2b29e48964d5e2e2b9387849a7909c3bbc36a8ed162b6db5d34c41f4026d390b94a4c4ca5e43423f9238a8e7322

    Score
    1/10
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

System Information Discovery

1
T1082

Query Registry

3
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks