44caliber | f2b5cbbdb4beb4ccfe4220af1bc7a1065524ee4dcad89fa180ccd3a4cac0d87a | Triage

Sharing

General

Target

Insidious.exe
Size

303KB
Sample

240819-mxsflataqq
MD5

73f91b648c6e449c678cc4bcaf217651
SHA1

8cb0cec0e31531b73bc04630c0ef86aec11894e6
SHA256

f2b5cbbdb4beb4ccfe4220af1bc7a1065524ee4dcad89fa180ccd3a4cac0d87a
SHA512

a2ad7c032bb93a9dc32a243cc0febb6fbe4272d44f381f6e9f2be7e94aca30a7b9871e9dd2a67f48b98202351605d81e5416e4c1d76275d590eba575bf8b006f
SSDEEP

6144:TRlT6MDdbICydeBV9suqPmlF62y6bmA1D0Gsp:TRT4uqPmH6Dg1Dmp

Score

10^/10

44caliber credential_access spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1275043194824032316/eqfjpwfw-Aa32DfOOcp2pilYlVMwJCH973ItNa5eap8KHs1eapnkS0U23LDUza9Imjji

Targets

- Target
  
  Insidious.exe
- Size
  
  303KB
- MD5
  
  73f91b648c6e449c678cc4bcaf217651
- SHA1
  
  8cb0cec0e31531b73bc04630c0ef86aec11894e6
- SHA256
  
  f2b5cbbdb4beb4ccfe4220af1bc7a1065524ee4dcad89fa180ccd3a4cac0d87a
- SHA512
  
  a2ad7c032bb93a9dc32a243cc0febb6fbe4272d44f381f6e9f2be7e94aca30a7b9871e9dd2a67f48b98202351605d81e5416e4c1d76275d590eba575bf8b006f
- SSDEEP
  
  6144:TRlT6MDdbICydeBV9suqPmlF62y6bmA1D0Gsp:TRT4uqPmH6Dg1Dmp
Score

10^/10

44caliber credential_access spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44calibercredential_accessspywarestealer

behavioral2

44calibercredential_accessspywarestealer