44caliber | ede32cc0261506b8e6fffd357c22b175ce5a45a2de83f65b49d4484ec0e969f5 | Triage

Submit
Reports

Overview

overview

Static

static

3

Loader.exe

windows10-2004-x64

Sharing

General

Target

Loader.exe
Size

9.2MB
Sample

240729-kqaabsvbpd
MD5

8e4bc9547894a5ede75a2bd4235a8fb9
SHA1

794f7e9856e5024bcce49c1ce5415ee70abfdb88
SHA256

ede32cc0261506b8e6fffd357c22b175ce5a45a2de83f65b49d4484ec0e969f5
SHA512

6ed8462f58af3bbdff9451d659f93b8214db5912f2045d483d4a8278114633d07f76a78c1ee8b4661f858ae5730a7a175d0554c3e1d672ccfb603c74a4bec03d
SSDEEP

196608:6rltiwhW9T7MdeNBn6hKmXoBiibJkuJU1WcaonK+i7:Q+90deNBnYYBHyEcaI3i

Score

10^/10

44caliber credential_access spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win10v2004-20240709-en

44caliber credential_access spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1267250103538810911/_8BMipnmgDV4n-Uu_YmzeHrxrFFQPSAoBBDlwlDVhsDsk_31uQMADxZw-pq563wCO5KV

Targets

- Target
  
  Loader.exe
- Size
  
  9.2MB
- MD5
  
  8e4bc9547894a5ede75a2bd4235a8fb9
- SHA1
  
  794f7e9856e5024bcce49c1ce5415ee70abfdb88
- SHA256
  
  ede32cc0261506b8e6fffd357c22b175ce5a45a2de83f65b49d4484ec0e969f5
- SHA512
  
  6ed8462f58af3bbdff9451d659f93b8214db5912f2045d483d4a8278114633d07f76a78c1ee8b4661f858ae5730a7a175d0554c3e1d672ccfb603c74a4bec03d
- SSDEEP
  
  196608:6rltiwhW9T7MdeNBn6hKmXoBiibJkuJU1WcaonK+i7:Q+90deNBnYYBHyEcaI3i
Score

10^/10

44caliber credential_access spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

44calibercredential_accessspywarestealer

© 2018-2024

Terms | Privacy