44caliber | Insidious[.]exe | Triage

Sharing

General

Target

Insidious.exe
Size

303KB
MD5

7505682a058f45df956a6cdaa930af95
SHA1

dcf5b4a3de803af8361c85067605bd71d40035ba
SHA256

fe71bbfb6ea7f2373565eaccf6dc11ad16bf1f067da9bd22424e380fc14ff990
SHA512

c4f9b38610ed8a0503d2aa55ce4241537c75ee88b72abda1b3a87c911419c71cbe2a84a203c7624e24a453b1f975937c2360d7136535298499db778402c599d0
SSDEEP

6144:tRlT6MDdbICydeBV9suqPmlF62y6jmA1D0jCc:tRT4uqPmH6DY1DJc

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1338073007217840141/eDeh4wwBxq9r_iLg9SoCkKAfiG9U5xZFSL0XqRVIuzLG3ldF3nrWp9gggQzPfh9skV6-

Signatures

44caliber family
44caliber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Insidious.exe

Files

Insidious.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\kobza\Desktop\stealer\44CALIBER-main\44CALIBER\obj\Debug\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ