Overview

overview

10

Static

static

10

VT.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    63s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-01-2025 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VT.exe

  • Size

    274KB

  • MD5

    7902a5bb28c77d19f2d98808397c467c

  • SHA1

    9e798ca0781b06545baf104754d5850537e6a5b7

  • SHA256

    1b67d363cbfe3c649640e6ff890199441c0adf8e16677b6b6c11669497d94b0d

  • SHA512

    a20190a99969f98297dbba5d2eba9e9da9bc4fef8cb2cf74c26304401eed45655f4bb327339cf716bfea3ada064c2f7afb3281fe3c960e7be817e8a87ce8b68a

  • SSDEEP

    6144:7f+BLtABPDLgj1xw1eO5rbMMzhgUsYqTXGR7afTyUlI1D08eu:E161eO5rbHHsYqTXGfZ1D2u

Score
10/10
44caliberspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1326249466814271488/naWo_CNLtqgjSmqqpEa_f-hQj3_qPSqnAIIM3_SvNJ5vW4qmJf25n4wPf1UsJddmwVYM

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\VT.exe
    "C:\Users\Admin\AppData\Local\Temp\VT.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\44\Process.txt
    Filesize

    738B

    MD5

    59842b5a53d47fcf4382f22d2b7f5d50

    SHA1

    d497adadad815d91a34328150e08dd8267b8f622

    SHA256

    4e1623c9dc4e8c213636dcf5f490ca9edf80692be9f8b3c99da53cdc54b91660

    SHA512

    b6f1c5cb6e63b38ffa9259c7189d3dbe194fcadd43ea81f83c0ced9c067fbf3e1d697494c236b4a1a89ff86fbf86c7e1cdec82aae43d122c0ad6e6bdd805cc7a

    Download Submit

  • C:\Users\Admin\AppData\Local\44\Process.txt
    Filesize

    1KB

    MD5

    fd9b31b8d28c411768d3668357693d53

    SHA1

    9c14c8f5004ab141dfee6741475d3e121587fb65

    SHA256

    73f27c78c9338329ef757c9f05979bb4fc3e0141e6932fd28207816e8f93119e

    SHA512

    22133a3cdf8bdb97776499a7ce5cb24034f5e5296a00b7869e00a4be4bea5d3b845e4f6b847d0f2be9e8a9063ba8d2b7c1303ff701e0bce7543ee53e08f1e556

    Download Submit

  • memory/2728-0-0x000001EF4EC70000-0x000001EF4ECBA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2728-1-0x00007FFE6DBB3000-0x00007FFE6DBB5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2728-32-0x00007FFE6DBB0000-0x00007FFE6E671000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2728-118-0x00007FFE6DBB0000-0x00007FFE6E671000-memory.dmp

    Filesize

    10.8MB

    Download