General

  • Target

    e2780d5f4e1a30a57a4e47f893370e60N.exe

  • Size

    303KB

  • Sample

    240823-x7anmsvarn

  • MD5

    e2780d5f4e1a30a57a4e47f893370e60

  • SHA1

    f5adbd631b5303cb832eb59085210176dfb0bdb6

  • SHA256

    8d14c3ddc1f328f6afa101354b3bd237ea5f6d5ede5526c301d647db5e7b2829

  • SHA512

    d9b68d4d01e6fc495afcbf2255f684a609fc96edfdb17cc34bd2b3c27d54374225424a7f16214f38ea44281f0f63c21e46edda89de71aacc72cfb0d8ab6198e1

  • SSDEEP

    6144:h/oT6MDdbICydeBrdEGHpcJWbg6vmA1D0q0G:h/WJEGHpQWEM1DWG

Malware Config

Extracted

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/1275104139587616934/cVYjsimoHW_MSjxoI5Prmq28mq3wQZ0Q6S-d_VTdoxMVqXW-c2M0A6ByJLCYIAEg0gsS

Targets

    • Target

      e2780d5f4e1a30a57a4e47f893370e60N.exe

    • 44Caliber

      An open-source infostealer written in C#. This build exfiltrates collected data to the Discord webhook listed under C2 above.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store (MITRE ATT&CK T1555.003).

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Reads files or directories associated with cryptocurrency wallets; wallet databases and seed files are a common infostealer target.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to determine the infected system's external IP address, which stealers typically include in the exfiltrated report.
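
Triage helper for the extracted C2, as an added example that is not part of this report or of the 44Caliber project: it validates a Discord webhook URL, decodes the webhook ID (a Discord snowflake, whose upper bits are a millisecond timestamp counted from 2015-01-01T00:00:00Z) to learn when the webhook was created, scans proxy log lines for posts to any Discord webhook, including the external-IP lookup and beacon pattern described by the signatures above, and produces a shareable indicator with the token redacted. The hostname variants accepted by the regex, the token-length bound, the snowflake layout, the IP-lookup host and the sample log lines are assumptions of this example, not data from the report.

```python
import re
from datetime import datetime, timezone

# Discord snowflake epoch, 2015-01-01T00:00:00Z, in milliseconds. Assumption of
# this example: the public snowflake layout (timestamp in bits 22 and above).
DISCORD_EPOCH_MS = 1_420_070_400_000

# Assumed webhook URL shape: optional canary/ptb subdomain, discord.com or
# discordapp.com, optional /api/vN/ segment, numeric id, base64url-style token.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:canary|ptb)\.)?discord(?:app)?\.com/api/(?:v\d+/)?webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{60,})"
)

# C2 exactly as extracted in the report above.
C2_FROM_REPORT = (
    "https://discord.com/api/webhooks/1275104139587616934/"
    "cVYjsimoHW_MSjxoI5Prmq28mq3wQZ0Q6S-d_VTdoxMVqXW-c2M0A6ByJLCYIAEg0gsS"
)


def parse_webhook(url):
    """Return id, token and creation time for a Discord webhook URL, or None."""
    m = WEBHOOK_RE.fullmatch(url.strip())
    if m is None:
        return None
    wid = int(m["id"])
    created_ms = (wid >> 22) + DISCORD_EPOCH_MS
    return {
        "id": wid,
        "token": m["token"],
        "created_ms": created_ms,
        "created_utc": datetime.fromtimestamp(created_ms / 1000, tz=timezone.utc),
    }


def redact_token(token, keep=6):
    """Keep a short prefix for correlation. The full token authorises posting to
    and deleting the webhook, so it is handled as a credential, not an IOC."""
    return token[:keep] + "...(%d more chars)" % (len(token) - keep)


def ioc_for_sharing(url):
    """Indicator record that is safe to put in a report."""
    info = parse_webhook(url)
    if info is None:
        raise ValueError("not a Discord webhook URL")
    return {
        "webhook_id": info["id"],
        "created_utc": info["created_utc"].strftime("%Y-%m-%dT%H:%M:%SZ"),
        "token_prefix": redact_token(info["token"]),
        # Match on the id-bearing path so host variants and API versions still hit.
        "match_path": "/api/webhooks/%d/" % info["id"],
    }


def find_webhook_beacons(log_lines):
    """Scan proxy/HTTP log lines; return (line_no, webhook_id) for every hit."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for m in WEBHOOK_RE.finditer(line):
            hits.append((n, int(m["id"])))
    return hits


# Constructed proxy log lines for this example, not from the sandbox run.
# api.ipify.org stands in for whatever IP-lookup service the sample used.
SAMPLE_LOG = [
    "2024-08-23T10:14:02Z 10.0.0.12 GET https://api.ipify.org/ 200",
    "2024-08-23T10:14:03Z 10.0.0.12 POST " + C2_FROM_REPORT + " 204",
    "2024-08-23T10:14:05Z 10.0.0.12 GET https://discord.com/api/v9/users/@me 401",
    "2024-08-23T10:20:41Z 10.0.0.31 POST https://discordapp.com/api/v10/webhooks/"
    "1122334455667788990/" + "Q" * 68 + " 204",
    "2024-08-23T10:21:00Z 10.0.0.31 GET https://cdn.discordapp.com/attachments/x.png 200",
]


def triage(url=C2_FROM_REPORT, log_lines=SAMPLE_LOG):
    """IOC record plus which log lines posted to the known C2 or to any other webhook."""
    ioc = ioc_for_sharing(url)
    hits = find_webhook_beacons(log_lines)
    known = [n for n, wid in hits if wid == ioc["webhook_id"]]
    other = [n for n, wid in hits if wid != ioc["webhook_id"]]
    return {"ioc": ioc, "known_c2_lines": known, "other_webhook_lines": other}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

The webhook ID is the stable indicator: the snowflake decodes to a creation time of 2024-08-19 UTC, four days before the date encoded in the sample identifier, which bounds when this campaign's infrastructure was set up. Share the ID and the path fragment, not the full token, and treat any workstation POST to a Discord webhook that is not the known C2 as a separate lead rather than a false positive.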

MITRE ATT&CK Enterprise v15

Tasks