General

  • Target

    JaffaCakes118_ce6a090b03c500285a62d94abfb8560c

  • Size

    122KB

  • Sample

    250109-wh5l2swnex

  • MD5

    ce6a090b03c500285a62d94abfb8560c

  • SHA1

    86a8b4c7132ab33e2fbe39f72adea570d3d06330

  • SHA256

    d12be37868f64911eddbb4d23645cacd3ae066d1caec75e90a29fb2d71b18027

  • SHA512

    65f61f5caacd162f6b2044c72829566ade18dcafa48a5d4278f904ccc733de37de0f22d2905702fc85571876966b25a2304ea85b4f153d9122e9f1f7bb041964

  • SSDEEP

    3072:HETsDQEIIaPpucm1FF28A/rArPPY36RTGn+v1jmlBjlGe92:HENpBPpuhFYDGhRTrwlv39

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/851690350250164235/Y2YNzVMz_OUKX0s3IL4efOqpvYtOom3DjQN22G8FhBeX0ILVhnIFz50A_KU0LdAeZ1HC
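
The webhook above is the sample's entire C2: stolen data is POSTed to Discord, so the only network indicator to hunt for is that URL. As an added example (not code from the sandbox report or from the 44Caliber project), the Python below does three things an analyst wants at this point: it pulls Discord webhook URLs out of a binary's strings, including the UTF-16LE form that .NET string literals take in a C# stealer; it decodes the webhook ID's snowflake timestamp to estimate when the operator created the webhook; and it matches the same pattern against proxy log lines. The MD5, SHA256 and webhook values are the ones listed on this page; the ptb/canary/discordapp host variants in the regex, the fake string-heap bytes and the proxy log lines are constructed assumptions.

```python
import hashlib
import re
from datetime import datetime, timezone

# Indicators copied from the report above.
REPORT_MD5 = "ce6a090b03c500285a62d94abfb8560c"
REPORT_SHA256 = "d12be37868f64911eddbb4d23645cacd3ae066d1caec75e90a29fb2d71b18027"
REPORT_WEBHOOK = (
    "https://discord.com/api/webhooks/851690350250164235/"
    "Y2YNzVMz_OUKX0s3IL4efOqpvYtOom3DjQN22G8FhBeX0ILVhnIFz50A_KU0LdAeZ1HC"
)

# Webhook URL shape: numeric snowflake id, then a base64url-style token.
# The ptb/canary/discordapp host variants are an assumption, added so a
# trivially re-hosted config is not missed.
WEBHOOK_RE = re.compile(
    rb"https://(?:(?:ptb|canary)\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_-]{60,})"
)
DISCORD_EPOCH_MS = 1420070400000  # 2015-01-01T00:00:00Z

def file_hashes(data: bytes) -> dict:
    """MD5 and SHA256 of a blob, in the hex form the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def matches_report_iocs(data: bytes) -> bool:
    """True only when both the MD5 and the SHA256 agree with the report."""
    h = file_hashes(data)
    return h["md5"] == REPORT_MD5 and h["sha256"] == REPORT_SHA256

def snowflake_timestamp_ms(snowflake: int) -> int:
    """Discord snowflakes keep a ms timestamp in bits 22+, relative to the Discord epoch."""
    return (snowflake >> 22) + DISCORD_EPOCH_MS

def snowflake_to_datetime(snowflake: int) -> datetime:
    return datetime.fromtimestamp(snowflake_timestamp_ms(snowflake) / 1000, tz=timezone.utc)

def _search_views(blob: bytes):
    """Yield the raw bytes plus UTF-16LE-decoded views at both byte alignments.

    .NET stores string literals as UTF-16LE in the #US heap, so a plain ASCII
    search over a C# stealer misses an unobfuscated webhook; decoding and
    dropping the non-ASCII code points recovers it.
    """
    yield blob
    for offset in (0, 1):
        text = blob[offset:].decode("utf-16-le", errors="ignore")
        yield text.encode("ascii", errors="ignore")

def extract_webhooks(blob: bytes) -> list:
    """Return one record per distinct Discord webhook URL found in blob."""
    found = {}
    for view in _search_views(blob):
        for m in WEBHOOK_RE.finditer(view):
            url = m.group(0).decode()
            if url not in found:
                wid = int(m.group(1))
                found[url] = {
                    "url": url,
                    "webhook_id": wid,
                    "token": m.group(2).decode(),
                    "created_utc": snowflake_to_datetime(wid).isoformat(),
                }
    return list(found.values())

def scan_proxy_log(lines) -> list:
    """Flag log lines whose URL is a Discord webhook; other discord.com traffic is ignored."""
    hits = []
    for line in lines:
        m = WEBHOOK_RE.search(line.encode())
        if m:
            hits.append({"webhook_id": int(m.group(1)), "line": line.strip()})
    return hits

# Constructed stand-in for a .NET #US heap fragment: the report's webhook as
# UTF-16LE behind five filler bytes, so the ASCII pass finds nothing and only
# the odd-alignment UTF-16 pass succeeds. Not bytes from the real sample.
SAMPLE_BLOB = b"\x00MZ\x90\x00" + REPORT_WEBHOOK.encode("utf-16-le") + b"\x00\x00"

# Constructed proxy log lines (assumed format; not from the sandbox run).
SAMPLE_LOG = [
    "2025-01-09T13:02:09Z 10.0.4.21 GET https://discord.com/api/v9/gateway 200",
    f"2025-01-09T13:02:11Z 10.0.4.21 POST {REPORT_WEBHOOK} 204",
]

if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_BLOB):
        print("config:", hit)
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("log hit:", hit)
    print("blob matches report IOCs:", matches_report_iocs(SAMPLE_BLOB))
```

The snowflake in this webhook decodes to 2021-06-08 UTC, which is how old the C2 is, not when this sample was submitted. Do not POST to the webhook from an analysis host: every request notifies the operator and gives them a new victim IP. The webhook can be reported to Discord, and the Discord API allows an unauthenticated DELETE on the same URL, which takes the C2 down for every infected host but also tells the operator it was found; decide that with the incident owner rather than during triage.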

Targets

    • Target

      JaffaCakes118_ce6a090b03c500285a62d94abfb8560c

    • Size

      122KB

    • MD5

      ce6a090b03c500285a62d94abfb8560c

    • SHA1

      86a8b4c7132ab33e2fbe39f72adea570d3d06330

    • SHA256

      d12be37868f64911eddbb4d23645cacd3ae066d1caec75e90a29fb2d71b18027

    • SHA512

      65f61f5caacd162f6b2044c72829566ade18dcafa48a5d4278f904ccc733de37de0f22d2905702fc85571876966b25a2304ea85b4f153d9122e9f1f7bb041964

    • SSDEEP

      3072:HETsDQEIIaPpucm1FF28A/rArPPY36RTGn+v1jmlBjlGe92:HENpBPpuhFYDGhRTrwlv39

    • 44Caliber

      An open source infostealer written in C#.

    • 44Caliber family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence and skip victims in certain locales.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to learn the infected system's public IP address, typically to tag the stolen data with the victim's location.

MITRE ATT&CK Enterprise v15

Tasks