44caliber | Fatality[.]exe | Triage

Sharing

General

Target

Fatality.exe
Size

303KB
MD5

c58de13d43a4505c3d560f02782e7772
SHA1

1639355d610c3f8e0df698ab47835455a9687441
SHA256

7b7ffe08ad313ab1c699624e2240ff43a23466becef02d4c2d6b992efd7ac1bc
SHA512

4aab677344c2c07f95e5ed66aff445203a61b93ccbb31705757ed6bb37d58447cf294b87f1d8d5841f5a00c8ede742e3ab608319953166524774cffda35d7ac0
SSDEEP

6144:0HcT6MDdbICydeByXDmEjmpPwsQ6LmA1D0RuM:0HKgDmEjmoDA1DTM

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/1271420596722602126/pddK9O-e2ezh4XTOXIuVC-VkRWZALv5GTMKGnWaVgpAmoiQ4OGECd3TQ5qCQ_5FFPItE

Signatures

44caliber family
44caliber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Fatality.exe

Files

Fatality.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\k1zzze\Desktop\44CALIBER-main\44CALIBER\obj\Debug\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ