General

  • Target

    Insidious.exe

  • Size

    303KB

  • Sample

    240819-mzktjatbqq

  • MD5

    73f91b648c6e449c678cc4bcaf217651

  • SHA1

    8cb0cec0e31531b73bc04630c0ef86aec11894e6

  • SHA256

    f2b5cbbdb4beb4ccfe4220af1bc7a1065524ee4dcad89fa180ccd3a4cac0d87a

  • SHA512

    a2ad7c032bb93a9dc32a243cc0febb6fbe4272d44f381f6e9f2be7e94aca30a7b9871e9dd2a67f48b98202351605d81e5416e4c1d76275d590eba575bf8b006f

  • SSDEEP

    6144:TRlT6MDdbICydeBV9suqPmlF62y6bmA1D0Gsp:TRT4uqPmH6Dg1Dmp

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1275043194824032316/eqfjpwfw-Aa32DfOOcp2pilYlVMwJCH973ItNa5eap8KHs1eapnkS0U23LDUza9Imjji

Targets

    • Target

      Insidious.exe

    • Size

      303KB

    • MD5

      73f91b648c6e449c678cc4bcaf217651

    • SHA1

      8cb0cec0e31531b73bc04630c0ef86aec11894e6

    • SHA256

      f2b5cbbdb4beb4ccfe4220af1bc7a1065524ee4dcad89fa180ccd3a4cac0d87a

    • SHA512

      a2ad7c032bb93a9dc32a243cc0febb6fbe4272d44f381f6e9f2be7e94aca30a7b9871e9dd2a67f48b98202351605d81e5416e4c1d76275d590eba575bf8b006f

    • SSDEEP

      6144:TRlT6MDdbICydeBV9suqPmlF62y6bmA1D0Gsp:TRT4uqPmH6Dg1Dmp

    • 44Caliber

      An open source infostealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks