General

  • Target

    Insidious (infected).zip

  • Size

    118KB

  • Sample

    241017-kzk37avajk

  • MD5

    198252675b51113d75e4882308aaca8f

  • SHA1

    10f28effa0d67246bb27e8fc57253b5dd6ee68f5

  • SHA256

    faf5e92c9ba356368e05b0374c4ed3f2c2da36eda0fcf1cf2c2b6abab1616503

  • SHA512

    ac8fd8cad0e208cbcd7b769c77d50683d565feeb5d2f2d4ee610dccb8e32f97842e24643fbf290179b9a56c07799331709fd611fb900df1d7a365fb21c3e711b

  • SSDEEP

    3072:KO9vFZR0sTaxWpey0vb7jMv0zjEP12aqVm:KOj9ascDXMv3d2aqVm

Malware Config

Extracted

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/1294513700799123476/jcrDYM1wi5rgaYktzvL6L2nE50ZpJ-pdnRrXxz84NCLRYLPfCMN8DTOd97Uc_z3FKP5j

Targets

    • Target

      Insidious.exe

    • Size

      303KB

    • MD5

      1667298a8a38e435c330d1decf48347a

    • SHA1

      8ed1c41d7a9c59a52edc6ad608229fbd7492c763

    • SHA256

      f89b8052ec6c4ab10a3332ab50b595cd675dc9043c308e0d37dc48cb6244bf72

    • SHA512

      07462881d2d10db571f7e21e6d0cf115a5dbbb88c0afd3a118d88ddae2d9600db9201900866ea9e4adf0eec1f614f2f15ddac6ef69fdc5a3074f9e94eb39b203

    • SSDEEP

      6144:zv1T6MDdbICydeBxbf0G3aLpbwsY6jmA1D0KJ6:zvD10G3alsbY1DL6

    • 44Caliber

      An open-source infostealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks