General

  • Target

    4b1765e35f418e7a5698fd5709c11b98c6c4aff2637db48a7ad7b59a14b67b8b

  • Size

    646KB

  • Sample

    241217-13vpss1lhq

  • MD5

    2eddb25910e24b0aec14096ec42cd9c8

  • SHA1

    8f7a1c205e3b9447d3a433ff5712e0fdd95b7b26

  • SHA256

    4b1765e35f418e7a5698fd5709c11b98c6c4aff2637db48a7ad7b59a14b67b8b

  • SHA512

    986c09949f1c1dad7a57ef95e02f47f58e954ff42d1728fae4ee054fe70d9a45504f78654304307b8c0e1c9e98a97302bd6c2f7b581ed11aa40f9d4e81bdc09a

  • SSDEEP

    12288:pxb63VILe4Ni8zGQa13Rsatd36JBH2YQeQd6m24AWtuzJNvAMNyaS/h:pxe3VIS4N9zGQaJRsUYznXjSiCiy

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1120478623254708224/cU4HxqyVDvr-lsj-hl3z5Ir-g2JNSHG6NQxON392Hdg4s-byv9nMxsyir7Kylc5QEWVh

Targets

    • 44Caliber

      An open source infostealer written in C#.

    • 44Caliber family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks