General

  • Target

    123.scr

  • Size

    282KB

  • Sample

    241105-z11btsxrdv

  • MD5

    9dc5e3d364fba20137971eb948ed5089

  • SHA1

    5848daad55e30e542e17213ea83d4c4e8ad66641

  • SHA256

    e009fee742f6dd1d2c9fc0e840dbeeca1a705a13c2667bf09daf216c60411e89

  • SHA512

    a0eac98d1b820b59fa2ed0ab98bd70b3fa96af2d0d1498f6ad2e23829f6d1852bbc7512d9683ed1985c4d221bada57461a65ea18556d48235d7a8f6a127eefa9

  • SSDEEP

    6144:if+BLtABPDMtBBfn1Y0gIoHOQpafTyUlI1D0fVg9MtW:JtVvgIoHOOZ1DKg96

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/1184504729359896607/fPAMX9PDaXX6cd_-7EdUwUPRgvGLKrETMXz361gwk0y19F6LqJJCESeLcwPQReg9mLu9

Targets

    • Target

      123.scr

    • Size

      282KB

    • MD5

      9dc5e3d364fba20137971eb948ed5089

    • SHA1

      5848daad55e30e542e17213ea83d4c4e8ad66641

    • SHA256

      e009fee742f6dd1d2c9fc0e840dbeeca1a705a13c2667bf09daf216c60411e89

    • SHA512

      a0eac98d1b820b59fa2ed0ab98bd70b3fa96af2d0d1498f6ad2e23829f6d1852bbc7512d9683ed1985c4d221bada57461a65ea18556d48235d7a8f6a127eefa9

    • SSDEEP

      6144:if+BLtABPDMtBBfn1Y0gIoHOQpafTyUlI1D0fVg9MtW:JtVvgIoHOOZ1DKg96

    • 44Caliber

      An open source infostealer written in C#.

    • 44Caliber family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks