44caliber | 0f13239f4af5dc1c7dd7fdcfe1330c02fe31410935208a57ba8e5c53e4aa2680 | Triage

Submit
Reports

Overview

overview

Static

static

3

0f13239f4a...0N.exe

windows7-x64

7

0f13239f4a...0N.exe

windows10-2004-x64

Sharing

General

Target

0f13239f4af5dc1c7dd7fdcfe1330c02fe31410935208a57ba8e5c53e4aa2680N
Size

7.5MB
Sample

241003-ht63cszhqm
MD5

013b74f725ebc6449ce2e1eb545aeb80
SHA1

5eacf5e9fc03f8641f467b82352b131e3c59ca61
SHA256

0f13239f4af5dc1c7dd7fdcfe1330c02fe31410935208a57ba8e5c53e4aa2680
SHA512

da310873a6f23e00c859e43dbdcb11c5a0c57de1c19f1e73b6b62f6d29390fb8fdca04ea6be0f85472e8e07447ae05dce4d189b8ee9d9529a05686afe26610fb
SSDEEP

196608:OPU39DbBHnbYq2EF6sXCXheIy9uG0jaIj:b39DVYqQ9XheIyvy

Score

10^/10

44caliber discovery pyinstaller spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f13239f4af5dc1c7dd7fdcfe1330c02fe31410935208a57ba8e5c53e4aa2680N.exe

Resource

win7-20240903-en

discovery pyinstaller

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

0f13239f4af5dc1c7dd7fdcfe1330c02fe31410935208a57ba8e5c53e4aa2680N.exe

Resource

win10v2004-20240802-en

44caliber discovery pyinstaller spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1122569336733835314/pV5GwZljRF3rAOixx7tojWgzH5u5ja8SHJNo4ppqYGfqU8UHwq7r31ApoYXIgDbPFYow

Targets

- Target
  
  0f13239f4af5dc1c7dd7fdcfe1330c02fe31410935208a57ba8e5c53e4aa2680N
- Size
  
  7.5MB
- MD5
  
  013b74f725ebc6449ce2e1eb545aeb80
- SHA1
  
  5eacf5e9fc03f8641f467b82352b131e3c59ca61
- SHA256
  
  0f13239f4af5dc1c7dd7fdcfe1330c02fe31410935208a57ba8e5c53e4aa2680
- SHA512
  
  da310873a6f23e00c859e43dbdcb11c5a0c57de1c19f1e73b6b62f6d29390fb8fdca04ea6be0f85472e8e07447ae05dce4d189b8ee9d9529a05686afe26610fb
- SSDEEP
  
  196608:OPU39DbBHnbYq2EF6sXCXheIy9uG0jaIj:b39DVYqQ9XheIyvy
Score

10^/10

discovery pyinstaller 44caliber spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypyinstaller

behavioral2

44caliberdiscoverypyinstallerspywarestealer

© 2018-2024

Terms | Privacy