General

  • Target

    0259fcb47c0f4720fd1189cce27496d109e518fd29a86c14877a178be98ac39f

  • Size

    303KB

  • Sample

    240819-zef13aydlq

  • MD5

    3ee5f6209cd61e76a5094cd557f19397

  • SHA1

    e6c6024eef30b70118bd2a46caa18094329236cd

  • SHA256

    0259fcb47c0f4720fd1189cce27496d109e518fd29a86c14877a178be98ac39f

  • SHA512

    ed39dfa6841eb2d0b9555bd097ab5b5df1d2210c09af069433522f096a8e50043f05bc990d341417b3e3e6fa48e45f5a678b75e1fd5ef4aa9d684a2bd9b52322

  • SSDEEP

    6144:S5hxT6MDdbICydeBvQ26i2dVTZ86rmA1D0oVr6:S5dY26i2vTGQ1DVr6

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1275107356367388704/roqjMlMySpW-zLEdW4HEDDUN7HAzi90wBYpi5xr98pNekoem7ifN6jBJOTc9aGHL1SDD

Targets

    • Target

      Cheat 0x кряк/0x launcher.exe

    • Size

      303KB

    • MD5

      556ee735d703fc329a6463e5a042dc43

    • SHA1

      faaaf05975a679668feec76c7b4602a8c7b6b6fb

    • SHA256

      7bca2a9913e523e2c46ae6b50cfc9f7d687ec8ca9a3e9034f82531020ddec423

    • SHA512

      b0e7510b558f7cc65690accf5f8fa8617d58c1e9650e2426f10d1d733487dd155e439420847d6526479584003a5b20affbbe7a2644604cc0108e02399d324b69

    • SSDEEP

      6144:F5hxT6MDdbICydeBvQ26i2dVTZ86rmA1D0oVr:F5dY26i2vTGQ1DVr

    • 44Caliber

      An open-source infostealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
