44caliber | 5fd5700f4787f405bc2a0fc6e6233037[.]bin | Triage

Sharing

General

Target

5fd5700f4787f405bc2a0fc6e6233037.bin
Size

122KB
MD5

42b25b4f7be6dc112c24820cf8524c67
SHA1

c8fe638b498a475fba0f68d28862aece2d570773
SHA256

3b2cbf298f77d6d19eec0711403df56e6f6361203a4bfabfecc9dd286d619d58
SHA512

4b60a68f9e928ab2baf9a35a545015b58c02f5bfc504c5df4fe4b78c6ad21a2386f8ae5895630e3e2acfc4d161f74a7a0d47be5086d101ddd0c84d95b9647521
SSDEEP

3072:6IouI5wxR1Q15McLyyzJEBiZBqQBRheyPE:/CnKJyzJEBiZB/hE

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1324061351169101927/Upg-sOh6FXJYwbAsqIx2PTZdfYr6z3JtFkd-CN6KxlCaM74dpejrx9TbGUYSk03-Cb92

Signatures

44caliber family
44caliber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a680029a0a1bd1aa336b5e4086104f21f2a97b054e6fb1b9fb122ed32786ce12.exe

Files

5fd5700f4787f405bc2a0fc6e6233037.bin
.zip

Password: infected
a680029a0a1bd1aa336b5e4086104f21f2a97b054e6fb1b9fb122ed32786ce12.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ddtug\Downloads\44CALIBER-main\44CALIBER\obj\Debug\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ