General
-
Target
4b1765e35f418e7a5698fd5709c11b98c6c4aff2637db48a7ad7b59a14b67b8b
-
Size
646KB
-
Sample
241217-13vpss1lhq
-
MD5
2eddb25910e24b0aec14096ec42cd9c8
-
SHA1
8f7a1c205e3b9447d3a433ff5712e0fdd95b7b26
-
SHA256
4b1765e35f418e7a5698fd5709c11b98c6c4aff2637db48a7ad7b59a14b67b8b
-
SHA512
986c09949f1c1dad7a57ef95e02f47f58e954ff42d1728fae4ee054fe70d9a45504f78654304307b8c0e1c9e98a97302bd6c2f7b581ed11aa40f9d4e81bdc09a
-
SSDEEP
12288:pxb63VILe4Ni8zGQa13Rsatd36JBH2YQeQd6m24AWtuzJNvAMNyaS/h:pxe3VIS4N9zGQaJRsUYznXjSiCiy
Static task
static1
Behavioral task
behavioral1
Sample
4b1765e35f418e7a5698fd5709c11b98c6c4aff2637db48a7ad7b59a14b67b8b.exe
Resource
win7-20240903-en
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1120478623254708224/cU4HxqyVDvr-lsj-hl3z5Ir-g2JNSHG6NQxON392Hdg4s-byv9nMxsyir7Kylc5QEWVh
Targets
-
-
Target
4b1765e35f418e7a5698fd5709c11b98c6c4aff2637db48a7ad7b59a14b67b8b
-
Size
646KB
-
MD5
2eddb25910e24b0aec14096ec42cd9c8
-
SHA1
8f7a1c205e3b9447d3a433ff5712e0fdd95b7b26
-
SHA256
4b1765e35f418e7a5698fd5709c11b98c6c4aff2637db48a7ad7b59a14b67b8b
-
SHA512
986c09949f1c1dad7a57ef95e02f47f58e954ff42d1728fae4ee054fe70d9a45504f78654304307b8c0e1c9e98a97302bd6c2f7b581ed11aa40f9d4e81bdc09a
-
SSDEEP
12288:pxb63VILe4Ni8zGQa13Rsatd36JBH2YQeQd6m24AWtuzJNvAMNyaS/h:pxe3VIS4N9zGQaJRsUYznXjSiCiy
-
44Caliber family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-