44caliber | 18143d02f3cb2e83ae05d73f1f689b80b391f3466acd18dcbc021e1db7d40ee6

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb6f6cb9b7597a2c7f6cd43f0d5a4d00N.exe
Size

603KB
MD5

bb6f6cb9b7597a2c7f6cd43f0d5a4d00
SHA1

ca253eda80c20befdd614e32905eaf63d5173214
SHA256

18143d02f3cb2e83ae05d73f1f689b80b391f3466acd18dcbc021e1db7d40ee6
SHA512

1022513e26622175e8b3547749093a1312714746ea912c70b6ccb86ce77775517c858548e55ced735f9d16e6f2f5e6580a91c22e9940b355253a3ec10ce3d83a
SSDEEP

12288:SBe6DXqAB5jpx7RuZmdnnc6WSjHPv7zOsZUayLXfNd87hCn:SjD3P7RuodnncLOH/OsGNFdm

Score

10^/10

44caliber blackguard stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1267968855829905480/cd8VhmflrMNSQlpEWSs3J3IgzJ2PtIhkWjXFZEHp3Mu4ug7xMvzT3DehOE9cFtYpx_aB

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
BlackGuard
Infostealer first seen in Late 2021.
stealer blackguard

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	discord.com
3	discord.com

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1668	bb6f6cb9b7597a2c7f6cd43f0d5a4d00N.exe

C:\Users\Admin\AppData\Local\Temp\bb6f6cb9b7597a2c7f6cd43f0d5a4d00N.exe
"C:\Users\Admin\AppData\Local\Temp\bb6f6cb9b7597a2c7f6cd43f0d5a4d00N.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-0-0x0000000076CE1000-0x0000000076DE2000-memory.dmp

Filesize
1.0MB

Download
memory/1668-1-0x0000000076CE0000-0x0000000076E89000-memory.dmp

Filesize
1.7MB

Download
memory/1668-2-0x0000000076CE0000-0x0000000076E89000-memory.dmp

Filesize
1.7MB

Download
memory/1668-3-0x0000000076CE0000-0x0000000076E89000-memory.dmp

Filesize
1.7MB

Download
memory/1668-4-0x0000000076CE0000-0x0000000076E89000-memory.dmp

Filesize
1.7MB

Download
memory/1668-5-0x00000000023A0000-0x00000000023EA000-memory.dmp

Filesize
296KB

Download
memory/1668-6-0x0000000076CE0000-0x0000000076E89000-memory.dmp

Filesize
1.7MB

Download
memory/1668-7-0x000000013FD30000-0x000000013FDD1000-memory.dmp

Filesize
644KB

Download
memory/1668-8-0x0000000076CE1000-0x0000000076DE2000-memory.dmp

Filesize
1.0MB

Download
memory/1668-9-0x0000000076CE0000-0x0000000076E89000-memory.dmp

Filesize
1.7MB

Download