Overview

overview

10

Static

static

10

d5c99e1f25...82.exe

windows7-x64

10

d5c99e1f25...82.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    95s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-11-2024 03:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5c99e1f25dbdbec5a2545a4cea9e948f7b7c8188cc966b8ac69f3b1b95cea82.exe

  • Size

    303KB

  • MD5

    5c6721a4445b1ad34affb5d66c987573

  • SHA1

    d2f20db4d9a3fd2e72a0545926b6fee1f3283d47

  • SHA256

    d5c99e1f25dbdbec5a2545a4cea9e948f7b7c8188cc966b8ac69f3b1b95cea82

  • SHA512

    15c3d229c7ad3e2036405c68f7f59f03cf774348e89d7fdf04cf0c1220c34cd6029bb5b96a5084a056cb4aadab2474a915a0c0640015e5ccd30c472a68a2e085

  • SSDEEP

    6144:PjFT6MDdbICydeB0iG54G4S+ZoH86jmA1D0/Hx:PjzQ54G4SuocY1Dsx

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1303704145731260446/-6ntBnd7ROApHmCsRB7Lli7gKTsLyWRgcOJ-cJbRXh5PQKViLyldpkyDBWbuBRUun_nd

Signatures

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber
  • 44Caliber family
    44caliber
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5c99e1f25dbdbec5a2545a4cea9e948f7b7c8188cc966b8ac69f3b1b95cea82.exe
    "C:\Users\Admin\AppData\Local\Temp\d5c99e1f25dbdbec5a2545a4cea9e948f7b7c8188cc966b8ac69f3b1b95cea82.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1000

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\44\Process.txt
    Filesize

    1KB

    MD5

    898e6fffe0207cf3fbfc22864c01ab68

    SHA1

    78ba6e63bf5ffe0bcd042aa446df39b55935c5f2

    SHA256

    63e3cfa144e0894eeea09ec0686253319ff2dce36d5ddbcfe9dc2ce34e45fe69

    SHA512

    f6cbe926315bf985d8023c114618f7d80981d74af4fed9b9b89b14f3f32aa135c25216924797a6e74b547d9cdad572cbc52bc00694495026743da67c4d667759

    Download Submit

  • memory/1000-1-0x0000016ED43A0000-0x0000016ED43F2000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1000-0-0x00007FF878A33000-0x00007FF878A35000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1000-33-0x00007FF878A30000-0x00007FF8794F1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1000-120-0x00007FF878A30000-0x00007FF8794F1000-memory.dmp

    Filesize

    10.8MB

    Download