General

  • Target

    rowz.rar

  • Size

    111KB

  • Sample

    240804-wcn24svhle

  • MD5

    0e0d40f4942e7ad55b1a39eac692cb74

  • SHA1

    0665a43ff98e9246c3379afa8efdd7002f222bda

  • SHA256

    433862c5f17d81ca847c161e0ab28cb38dcea2523150fed0ac6ee60c47031325

  • SHA512

    cea5b31624a28214df7431cb26033e47a2a06b706e5748bfaf70fc121c8eeb1e1f99feb75f14a2b37092dc604e3a8faf7b57dd1d89262e0e32a533ca18036613

  • SSDEEP

    1536:X9Z7W6Z86mLNJIqyXuBpvy9QIjb6MWB2SsjNsovZcYkMzJb9T4y3MAjqDRNWXBfP:DW6y6m7IqgscQ54vcYkqpr81DnXg76a7

Malware Config (extracted)

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/1264290240290361368/HDo7Noqy1EZnwf2Slhpj8GKIwaCmP_A66Af1DGldm_aCLel95CQQWcTbmmU_vwpsIMZr
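The extracted C2 is a Discord webhook, the usual exfiltration channel for this stealer family: the binary simply POSTs harvested data to the webhook URL. The following is an added example (not code from the sandbox report or from the 44Caliber project) showing how to pull such a URL out of a sample's strings and defang it for a report. It assumes the webhook is stored as a plain literal; .NET binaries keep string literals as UTF-16LE, so both that encoding and ASCII are scanned. The sample buffer, webhook ID and token are constructed and are not the real C2 above.

```python
"""Pull Discord webhook C2 URLs out of a stealer sample's strings.

Added example; not code from the sandbox report or from the 44Caliber
project. Assumption: the webhook is stored as a literal string. .NET
binaries keep string literals as UTF-16LE, so that encoding is scanned
as well as plain ASCII.
"""
import re
from dataclasses import dataclass

# Discord webhook URLs: /api/webhooks/<snowflake id>/<token>. The token
# length bound (60-80) is an assumption based on observed webhooks.
WEBHOOK_RE = re.compile(
    rb"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{60,80})"
)
WEBHOOK_STR_RE = re.compile(WEBHOOK_RE.pattern.decode("ascii"))


@dataclass(frozen=True)
class Webhook:
    url: str
    webhook_id: str
    token: str
    encoding: str  # "ascii" or "utf-16-le"


def extract_webhooks(data: bytes) -> list[Webhook]:
    """Return every distinct webhook URL found in either encoding."""
    found: dict[str, Webhook] = {}
    for m in WEBHOOK_RE.finditer(data):
        url = m.group(0).decode("ascii")
        found.setdefault(url, Webhook(url, m["id"].decode(), m["token"].decode(), "ascii"))
    # A UTF-16LE string may start on an odd byte offset, so decode both alignments.
    for skew in (0, 1):
        text = data[skew:].decode("utf-16-le", errors="ignore")
        for m in WEBHOOK_STR_RE.finditer(text):
            found.setdefault(m.group(0), Webhook(m.group(0), m["id"], m["token"], "utf-16-le"))
    return sorted(found.values(), key=lambda w: w.url)


def defang(url: str) -> str:
    """Make a C2 URL safe to paste into a report: hxxp(s):// and host[.]tld."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}/{path}"


# Constructed stand-in for a .NET stealer's string table. The webhook ID
# and token are made up and are NOT the C2 from the report above.
FAKE_TOKEN = "k3Xz" * 17
FAKE_URL = f"https://discord.com/api/webhooks/1234567890123456789/{FAKE_TOKEN}"
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + "junk".encode("utf-16-le")
    + FAKE_URL.encode("utf-16-le") + b"\x00\x00"
    + b"https://api.ipify.org/?format=text\x00"  # ASCII string that must not match
)

if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE):
        print(f"{hook.encoding:9} id={hook.webhook_id} {defang(hook.url)}")
```

This only catches webhooks stored as plain literals; a build that encrypts or splits its strings needs the decryption routine run first. Once you have the URL, an unauthenticated GET on it returns the webhook's name and channel ID while it is still live, which is the quickest way to tell whether the C2 has already been revoked. Treat the token as a secret while handling it, since anyone holding it can post to the attacker's channel.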

Targets

    • Target

      execute.exe

    • Size

      303KB

    • MD5

      7cfe3e4a9b6da9b158ebf7e0d1ab9945

    • SHA1

      a238ffedd893f57dcfcd70fff18c37aef9fd416e

    • SHA256

      cdcad2a6891cfaa9635c0718f3344280f8d02a78611bd6ca234e8bf22603613c

    • SHA512

      006ef6f83b13afddf814226f00ddba4580f74939c9a051b9537bbe352cb213e4c366548927363f573d04bad69520c3b843b466fb86f700d2e9ef9caf2d33dd4b

    • SSDEEP

      6144:9v9T6MDdbICydeBhbvsGfSDpbwko6jmA1D0Zi6:9vLFsGfSNsjY1DT6

    • 44Caliber

      An open source infostealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
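The signatures above are what the sandbox matched on this sample. As an added example (not the sandbox's own rule engine and not 44Caliber code), the following turns the same signatures into a small detector that a SOC could run over file-open and HTTP telemetry. The path globs, IP-lookup hosts and the constructed event lines are assumptions about what infostealers commonly touch, not facts from this report; the ATT&CK IDs are the ones the report lists.

```python
"""Match the report's behavioural signatures against sandbox events.

Added example; not the sandbox's own signature engine and not 44Caliber
code. The file paths and IP-lookup hosts below are assumptions about
what infostealers commonly touch, not facts taken from this report.
"""
import re
from fnmatch import fnmatchcase

# (signature name, ATT&CK ID as listed in the report or None, lower-case path globs)
FILE_RULES = [
    ("Credentials from Web Browsers", "T1555.003", [
        r"*\google\chrome\user data\*\login data",
        r"*\google\chrome\user data\local state",  # DPAPI-wrapped key for Login Data
        r"*\mozilla\firefox\profiles\*\logins.json",
        r"*\mozilla\firefox\profiles\*\key4.db",
    ]),
    ("Accesses cryptocurrency files/wallets", "T1005", [
        r"*\exodus\exodus.wallet\*",
        r"*\electrum\wallets\*",
    ]),
]
# Assumed set of public IP-lookup services; extend from your own telemetry.
IP_LOOKUP_RE = re.compile(
    r"https?://(api\.ipify\.org|icanhazip\.com|ip-api\.com|ifconfig\.me)(/|$)", re.I)
WEBHOOK_RE = re.compile(r"https?://discord(?:app)?\.com/api/webhooks/\d+/", re.I)


def classify(op: str, target: str) -> list:
    """Signatures triggered by one event (op is FileOpen, HttpGet or HttpPost)."""
    hits = []
    if op == "FileOpen":
        path = target.lower()
        for name, tid, globs in FILE_RULES:
            if any(fnmatchcase(path, g) for g in globs):
                hits.append((name, tid))
    elif op.startswith("Http"):
        if IP_LOOKUP_RE.match(target):
            hits.append(("Looks up external IP address via web service", None))
        if WEBHOOK_RE.match(target):
            hits.append(("Discord webhook C2", None))
    return hits


def analyse(events: str) -> dict:
    """Group distinct signature hits per PID, in first-seen order; PIDs with no hits are dropped."""
    per_pid: dict = {}
    for line in events.splitlines():
        pid, op, target = line.split(" ", 2)
        hits = per_pid.setdefault(int(pid), [])
        for h in classify(op, target):
            if h not in hits:
                hits.append(h)
    return {pid: h for pid, h in per_pid.items() if h}


def is_stealer_like(hits) -> bool:
    """Browser credential access combined with a sign of beaconing or exfiltration."""
    names = {n for n, _ in hits}
    return "Credentials from Web Browsers" in names and (
        "Looks up external IP address via web service" in names
        or "Discord webhook C2" in names)


# Constructed sandbox event log, "<pid> <op> <target>"; not taken from the report.
EVENTS = r"""4120 FileOpen C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
4120 FileOpen C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State
4120 FileOpen C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json
4120 FileOpen C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco
4120 HttpGet https://api.ipify.org/
4120 HttpPost https://discord.com/api/webhooks/1234567890123456789/k3Xzk3Xzk3Xz
1532 FileOpen C:\Users\alice\Documents\notes.txt
1532 HttpGet https://www.microsoft.com/
"""

if __name__ == "__main__":
    for pid, hits in analyse(EVENTS).items():
        verdict = "STEALER-LIKE" if is_stealer_like(hits) else "suspicious"
        print(pid, verdict)
        for name, tid in hits:
            print(f"  {tid or '-':10} {name}")
```

Requiring the credential-store read to be paired with an IP lookup or webhook POST is what keeps the verdict useful: legitimate software (browsers themselves, password managers, backup agents) opens Login Data too, so a single file-open rule on its own is noise.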

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic              Technique                          ID          Count
  Credential Access   Credentials from Password Stores   T1555       1
  Credential Access   Credentials from Web Browsers      T1555.003   1
  Credential Access   Unsecured Credentials              T1552       2
  Credential Access   Credentials In Files               T1552.001   2
  Collection          Data from Local System             T1005       2

Tasks