44caliber | 8b984bb6ea6cee5b9c17766a488c8ab0ace05ea355dd07a415c84383746efef9 | Triage

Sharing

General

Target

JaffaCakes118_8242ac4eb36f38ac6791b45268abed92
Size

1.2MB
Sample

250108-a94ceayncp
MD5

8242ac4eb36f38ac6791b45268abed92
SHA1

12a00ac920b31ebb75f6cf56e768315e96a7bcc6
SHA256

8b984bb6ea6cee5b9c17766a488c8ab0ace05ea355dd07a415c84383746efef9
SHA512

90305f195022afb27653fca0023b29eac5ba72e21000219285ca7168de76133da14a7c2ca6b8c98cb56d62a1826b05505de533e497feeb2295c95a356dbac8d0
SSDEEP

24576:XbDbhxpUABuuc7eLldwcdECl7xpVlMKnKoAjBt6jodgbKmp+rRwjT332P:reAnrcciEpT1KoAjB6od8KmJTn2P

Score

10^/10

44caliber discovery spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/899272326225489931/bx_ZitvINloyS_p7Mt8ypSdpcHyTlkZQ94mZqgQV-8qhAi4mpNWm2GpwtHDA8yg8VYmd

Targets

- Target
  
  JaffaCakes118_8242ac4eb36f38ac6791b45268abed92
- Size
  
  1.2MB
- MD5
  
  8242ac4eb36f38ac6791b45268abed92
- SHA1
  
  12a00ac920b31ebb75f6cf56e768315e96a7bcc6
- SHA256
  
  8b984bb6ea6cee5b9c17766a488c8ab0ace05ea355dd07a415c84383746efef9
- SHA512
  
  90305f195022afb27653fca0023b29eac5ba72e21000219285ca7168de76133da14a7c2ca6b8c98cb56d62a1826b05505de533e497feeb2295c95a356dbac8d0
- SSDEEP
  
  24576:XbDbhxpUABuuc7eLldwcdECl7xpVlMKnKoAjBt6jodgbKmp+rRwjT332P:reAnrcciEpT1KoAjB6od8KmJTn2P
Score

10^/10

44caliber discovery spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- 44Caliber family
  44caliber
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberdiscoveryspywarestealer

behavioral2

44caliberdiscoveryspywarestealer