General

  • Target

    fb4d683e3ae0f7d5e33df5bf301daa58_JaffaCakes118

  • Size

    6.9MB

  • Sample

    241218-m8yrrawnew

  • MD5

    fb4d683e3ae0f7d5e33df5bf301daa58

  • SHA1

    36a1de1d727c726aba7dab2b2937be337c538348

  • SHA256

    d684eb2255665b6953a3ce3f23721d4130987ffa61ad69482fd706392ab9bf3e

  • SHA512

    ccb13161a680f80fd6e93956bc50d3c070c344c36096118240b2159cdbf6ad866fb68b0257e8bbd156cec5dbf77195ef405ef1ddc0c92fa4d5166548b49d4554

  • SSDEEP

    196608:aaMDtIiXP2B0r3he64mCtabd1MEXltYYgsDG:aaUJtrReIHd1ME5Ri

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/854449200544481340/h9Qp-FHl7aROvxHN_j_GBe2W_7GEv-jYyr5ljRUrqO18MRY3RYt72njct-cF-n2sdbCe

Targets

    • Target

      fb4d683e3ae0f7d5e33df5bf301daa58_JaffaCakes118

    • Size

      6.9MB

    • MD5

      fb4d683e3ae0f7d5e33df5bf301daa58

    • SHA1

      36a1de1d727c726aba7dab2b2937be337c538348

    • SHA256

      d684eb2255665b6953a3ce3f23721d4130987ffa61ad69482fd706392ab9bf3e

    • SHA512

      ccb13161a680f80fd6e93956bc50d3c070c344c36096118240b2159cdbf6ad866fb68b0257e8bbd156cec5dbf77195ef405ef1ddc0c92fa4d5166548b49d4554

    • SSDEEP

      196608:aaMDtIiXP2B0r3he64mCtabd1MEXltYYgsDG:aaUJtrReIHd1ME5Ri

    • 44Caliber

      An open source infostealer written in C#.

    • 44Caliber family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks