General

  • Target: NurikCrack.rar
  • Size: 16.0MB
  • Sample: 240923-lzvs3athjr
  • MD5: a76b10ae673b2d46ec76884c6a7bf8cb
  • SHA1: 60bdb08a782829647c3a31499d8e544cfb2a6000
  • SHA256: 99596eeef37785562b8b1208dbaa6e7e2d9e83056becb43d0b31f01216888fc0
  • SHA512: 0f62bebdc9653b73d21e24295a424844454671fd5b145bb9ca8be7a1c58533b27a5ffdcaace289703beb5ed4b93c281ad399532c22a9a39ca785e7499281c7fd
  • SSDEEP: 393216:/X743M9uTX4vu2SHh7aoKa3HNaSTlG7CFlc77UPcftSEpN/2a:f7YMcTX4Wh7Vh9PTl5lqKc1VpF2a

Malware Config

Extracted

  • Family: 44caliber
  • C2: https://discord.com/api/webhooks/1255267341017550858/gDHwLRcJ5Z6vxkhOt8ckW-l8jpv2WEDTg_SHcL4h0K-yY_7I4qbWTz88XckD4XUGvzOw

Targets

  • Target: NurikCrack/nurik/Nursultan.exe
  • Size: 17.9MB
  • MD5: e504e3fc36fe4d6f182c98923979a779
  • SHA1: 3ba9f1a9a15b79639a20cfcf79c9de31d15a17a6
  • SHA256: 70b7b95bb952b3325476867307fc5bd4df5769b97bbcdd8b60e7b46e1b38e4a0
  • SHA512: 63bbbc3ccf14b2846df64b8edae52b6431df52aa9e03569a28ca239ab02db94bf79ca8a0a30529e35a04ee5845768d752b99e6ce3830ab440c57850180ad1647
  • SSDEEP: 393216:2UO/6SzixEgHKOvKjOnfrBafMIsEIjt7H:2Um6tFKOCjQAEAIx7H
  • Score: 1/10
  • Target: NurikCrack/nurik/NursultanInstall.exe
  • Size: 303KB
  • MD5: face0aff265464e545a9073824a5874d
  • SHA1: 04a59c0f10af4e1febaef3a70924d45df8834f4c
  • SHA256: 2fb096a7b9847060f61b8f936b5462fdc60d37b2bc1e9bb1bf03e828e92cdf48
  • SHA512: 9409ecd708da4f57b133546e1ace6aa78e99fa98de58c8e70608a7c138f7d1a0cd370d062714c68f36f441d9e9212c3e7898c6bf5df8c44b02270ba798c038e8
  • SSDEEP: 6144:y/2T6MDdbICydeBoKEG4pSJfNtvurxmI1D0Po+:y/8bEG4p6fIb1DJ+

  Signatures

  • 44Caliber
    An open-source infostealer written in C#.

  • Credentials from Password Stores: Credentials from Web Browsers
    Malicious access to, or copying of, the web browser credential store.

  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials.

  • Accesses cryptocurrency files/wallets, possible credential harvesting

  • Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks