General

  • Target

    Robux.exe

  • Size

    274KB

  • Sample

    240910-mxtnnazfpk

  • MD5

    b3dca103204683157780d5562579d100

  • SHA1

    61a249df0a3ce1849b7047e252a323c9f26e44c4

  • SHA256

    8077c458cca5d446d5699c86d18cd2ed03507f59ab09582a1147e17291f33c65

  • SHA512

    89c4335aafa72a286b34460790abe4aa9e035db269f9b5e451a85c98326aa87b31d60a6742125011a54f421283e11cc5cf56d7fccfdcdff95d36dac21abec556

  • SSDEEP

    6144:Af+BLtABPDOpJTNN6eTSUdZ/pOlYeJqlA1D0FkB:ppYSSUdZ/olYet1DHB

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/915691701547446283/wUW0ZMfS9Ea3nfJC3GBW1nyVurXzKmQnFhIAcuEwGucZF2JJhh8YakLcl2RpJb6iFOek

Targets

    • Target

      Robux.exe

    • Size

      274KB

    • MD5

      b3dca103204683157780d5562579d100

    • SHA1

      61a249df0a3ce1849b7047e252a323c9f26e44c4

    • SHA256

      8077c458cca5d446d5699c86d18cd2ed03507f59ab09582a1147e17291f33c65

    • SHA512

      89c4335aafa72a286b34460790abe4aa9e035db269f9b5e451a85c98326aa87b31d60a6742125011a54f421283e11cc5cf56d7fccfdcdff95d36dac21abec556

    • SSDEEP

      6144:Af+BLtABPDOpJTNN6eTSUdZ/pOlYeJqlA1D0FkB:ppYSSUdZ/olYet1DHB

    • 44Caliber

      An open source infostealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks