Analysis
-
max time kernel
118s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
05-11-2024 21:11
Behavioral task
behavioral1
Sample
123.scr
Resource
win7-20240903-en
General
-
Target
123.scr
-
Size
282KB
-
MD5
9dc5e3d364fba20137971eb948ed5089
-
SHA1
5848daad55e30e542e17213ea83d4c4e8ad66641
-
SHA256
e009fee742f6dd1d2c9fc0e840dbeeca1a705a13c2667bf09daf216c60411e89
-
SHA512
a0eac98d1b820b59fa2ed0ab98bd70b3fa96af2d0d1498f6ad2e23829f6d1852bbc7512d9683ed1985c4d221bada57461a65ea18556d48235d7a8f6a127eefa9
-
SSDEEP
6144:if+BLtABPDMtBBfn1Y0gIoHOQpafTyUlI1D0fVg9MtW:JtVvgIoHOOZ1DKg96
Malware Config
Extracted
44caliber
https://discordapp.com/api/webhooks/1184504729359896607/fPAMX9PDaXX6cd_-7EdUwUPRgvGLKrETMXz361gwk0y19F6LqJJCESeLcwPQReg9mLu9
Signatures
-
44Caliber family
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 4 freegeoip.app 5 freegeoip.app -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 123.scr Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier 123.scr -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2532 123.scr 2532 123.scr 2532 123.scr 2532 123.scr -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2532 123.scr
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
366B
MD55a22b07e13204fbbe70b4ae8b2d2b228
SHA1e7a8a2ff9f277e19da421c85248b7b0dc23684ef
SHA2569ce16ae499366ef66625575d30bf4d34095ea735762156837235775a2241b655
SHA512943052c6e86b0941bfde8d336af4abe35b234763e6a04eba37d8de72dfc8348de03bced92e07fc589f06d6b4a3e416ac994e121471869141c3b1db51c0f19692
-
Filesize
433B
MD5bfe70fc201f03307238c313ecbd6d1db
SHA1d014d7436ad646defc169ef43fd1a5d71a7acd5f
SHA2566676dbe21ca5f78d161a8057a16ae2240da5b74533de43a960f39f63fdc85c94
SHA512f0ccc8f528cc846d30f356aeff5113df2150fbb6a9a30367664e20ecc04b3e63f596a34f756c0909439f151ed8bb268a938b0ae8304c69aec2694fc5df4ca925