General

  • Target

    843d1069d0acfd77f82eb9ac4f3d9d0ef4827aefa080c82570162ace6e7e30c5.exe

  • Size

    1.2MB

  • Sample

    241123-b19y9szrfp

  • MD5

    508b401d8d7a56da01c8712b088298ef

  • SHA1

    05ac6bee5f650f3505fd542bdb7631bc755a2a34

  • SHA256

    843d1069d0acfd77f82eb9ac4f3d9d0ef4827aefa080c82570162ace6e7e30c5

  • SHA512

    c1b3b28ac58f613705cf048fd23f1d04733e7f5ebd213915e4132ed05f0bcf239f9e41790ece618a987ebf64bce3569f068e7d9d9198bce0b71b14f907e6a66a

  • SSDEEP

    24576:XbDbhxpUABuuc7eLldwcdECl7xpVlMKnKoAjBt6jodgbKmp+rRwjT332f:reAnrcciEpT1KoAjB6od8KmJTn2f

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/899272326225489931/bx_ZitvINloyS_p7Mt8ypSdpcHyTlkZQ94mZqgQV-8qhAi4mpNWm2GpwtHDA8yg8VYmd
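The webhook above is the sample's only C2. As an added example that is not part of the sandbox report or of 44Caliber itself, the following Python pulls Discord webhook URLs out of arbitrary text (an extracted config, `strings` output), checks that the ID is a plausible Discord snowflake, recovers the creation time Discord encodes in that snowflake, and emits a token-redacted IoC. Only the webhook URL is taken from the report; the surrounding sample strings are constructed.

```python
import re
from datetime import datetime, timezone

# Discord webhooks live under /api/webhooks/<snowflake id>/<token>; older
# samples use the discordapp.com host, and the ptb./canary. subdomains exist.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]{50,})"
)

# A Discord snowflake carries milliseconds since 2015-01-01T00:00:00Z in its
# top 42 bits, so (id >> 22) + epoch recovers when the webhook was created.
DISCORD_EPOCH_MS = 1_420_070_400_000

# Constructed stand-in for the sandbox's extracted config / strings output;
# only the webhook URL comes from the report above.
SAMPLE_STRINGS = """\
v4.0.30319
System.Net.Http
https://discord.com/api/webhooks/899272326225489931/bx_ZitvINloyS_p7Mt8ypSdpcHyTlkZQ94mZqgQV-8qhAi4mpNWm2GpwtHDA8yg8VYmd
Login Data
"""


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Decode the creation timestamp embedded in a Discord snowflake."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def redact(url: str, token: str) -> str:
    """Keep enough of the token to correlate reports without making it reusable."""
    return url.replace(token, token[:6] + "...[redacted]")


def extract_webhooks(text: str) -> list[dict]:
    """Return one record per Discord webhook URL found in text."""
    found = []
    for m in WEBHOOK_RE.finditer(text):
        wid = int(m.group("id"))
        found.append({
            "url": m.group(0),
            "id": wid,
            "created": snowflake_to_datetime(wid),
            "ioc": redact(m.group(0), m.group("token")),
        })
    return found


if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE_STRINGS):
        print(f"{hook['ioc']}  (webhook created {hook['created']:%Y-%m-%d %H:%MZ})")
```

The token in a webhook URL is a write credential: anyone holding it can post to the channel or delete the hook, so tickets and shared reports should carry the redacted form. Because discord.com is rarely blockable wholesale, network detection is better keyed on POST requests to `/api/webhooks/` from processes that are neither a browser nor the Discord client than on the domain itself.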

Targets

    • Target

      843d1069d0acfd77f82eb9ac4f3d9d0ef4827aefa080c82570162ace6e7e30c5.exe


    • 44Caliber

      An open source infostealer written in C#.

    • 44Caliber family

    • Reads user/profile data of web browsers

      Infostealers target the browser profile directory (for Chromium-based browsers `User Data\<profile>\Login Data` and `Cookies`, for Firefox `logins.json` and `key4.db`), which holds saved credentials, session cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      The sample touches desktop wallet data directories; the keystore or seed files kept there are enough to drain the wallet.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to learn the infected system's external IP, typically so the exfiltrated report can be tagged with the victim's public address and approximate location.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from reporting debug events (breakpoints, exceptions) to an attached debugger, a common anti-analysis trick; a breakpoint hit in such a thread goes unhandled and terminates the process.
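The behaviours listed above are individually noisy (a browser reads its own `Login Data`; plenty of legitimate software asks a public service for its external IP) but strong in combination. As an added example that is not the sandbox's own detection logic, the following Python correlates them per process over constructed Sysmon-style events. The process names, PIDs, paths and the set of IP-lookup hosts are constructed or assumed for illustration, not taken from the report.

```python
import re
from collections import defaultdict

# Credential stores written by browsers; reads by any other image are suspicious.
BROWSER_SECRET_FILES = re.compile(
    r"\\User Data\\(?:.*\\)?(Login Data|Cookies|Web Data|Local State)$"
    r"|\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Assumed desktop wallet directories (illustrative, not an exhaustive list).
WALLET_PATHS = re.compile(r"\\(Exodus|Electrum|Ethereum|Atomic)\\", re.IGNORECASE)
# Common external-IP lookup services; which one this sample uses is not stated.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "icanhazip.com"}
WEBHOOK_POST = re.compile(r"^https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/")
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}

# Constructed telemetry: (pid, image, event_type, target). The webhook ID is
# the one from the report; everything else is made up for the example.
EVENTS = [
    (4120, "chrome.exe", "FileRead", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "chrome.exe", "DnsQuery", "accounts.google.com"),
    (7788, "Update.exe", "FileRead", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (7788, "Update.exe", "FileRead", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    (7788, "Update.exe", "FileRead", r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (7788, "Update.exe", "DnsQuery", "api.ipify.org"),
    (7788, "Update.exe", "HttpRequest", "POST https://discord.com/api/webhooks/899272326225489931/REDACTED"),
    (9001, "python.exe", "DnsQuery", "api.ipify.org"),
]


def score_processes(events):
    """Map (pid, image) to the sorted set of stealer behaviours it exhibited."""
    tags = defaultdict(set)
    for pid, image, etype, target in events:
        key = (pid, image.lower())
        if etype == "FileRead":
            if BROWSER_SECRET_FILES.search(target) and image.lower() not in BROWSERS:
                tags[key].add("browser_secrets")
            if WALLET_PATHS.search(target):
                tags[key].add("crypto_wallet")
        elif etype == "DnsQuery" and target.lower() in IP_LOOKUP_HOSTS:
            tags[key].add("ip_lookup")
        elif etype == "HttpRequest":
            method, _, url = target.partition(" ")
            if method == "POST" and WEBHOOK_POST.match(url):
                tags[key].add("discord_webhook_post")
    return {k: sorted(v) for k, v in tags.items()}


def infostealer_candidates(events, min_tags=3):
    """Processes showing at least min_tags distinct stealer behaviours."""
    return [k for k, v in score_processes(events).items() if len(v) >= min_tags]


if __name__ == "__main__":
    for (pid, image), behaviours in score_processes(EVENTS).items():
        flag = "ALERT" if len(behaviours) >= 3 else "info "
        print(f"{flag} pid={pid} {image}: {', '.join(behaviours)}")
```

The browser-image exclusion matters in practice: without it, every Chrome launch would trip the credential-file rule. Requiring three distinct behaviours keeps a lone IP lookup (the `python.exe` line) below the alert threshold while the stealer-like process is flagged.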

MITRE ATT&CK Enterprise v15

Tasks