Analysis
-
max time kernel
12s -
max time network
13s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
26-10-2024 20:55
Behavioral task
behavioral1
Sample
Alpha.exe
Resource
win7-20240903-en
windows7-x64
7 signatures
30 seconds
General
-
Target
Alpha.exe
-
Size
303KB
-
MD5
f25055b8bc6c0ea610dc7e7f537c965e
-
SHA1
ec7867e4f67a589b3dcfc6eb2937f51b6f586acb
-
SHA256
83fa8d782b344ad03557650a4d3c8d8b9d34d74238bdfa470c40ee1b43a5aa0c
-
SHA512
0552cd40771593c2c00d922555a02bdfdec0922c6ce51611f0b780384c8f44332df19277360012d830fa7944967767d2db2af0a7d4f2653d3fe695f50861636c
-
SSDEEP
6144:DXt3T6MDdbICydeBimcmXKhJUP+6jmA1D0goc:DXttpcmXKnUWY1Dkc
Malware Config
Extracted
Family
44caliber
C2
https://discord.com/api/webhooks/1299714323437846560/8vTyp7oBL-pL3lSrtcRSiyqmJ0QAxIj3uJD3LMbf2ZP-8fjjLRUvMZtdpz8DfGxdoou6
Signatures
-
44Caliber family
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 1 freegeoip.app 2 freegeoip.app -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2916 Alpha.exe 2916 Alpha.exe 2916 Alpha.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2916 Alpha.exe