Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
11-02-2025 12:12
General
-
Target
Insidious.exe
-
Size
303KB
-
MD5
9aa717cec4e9f75aa00e786eae4a3d04
-
SHA1
ac99a075824a6b085745e302ff48abf368d31d27
-
SHA256
158ec994a6de6b0b7cffcf86c9474f91cacdb6b0ce0e7a070df250870cc0c044
-
SHA512
8d092206c0f3d11e2f5146bbc15488990c2952dbd843188aa91c745b5a513f9ea3d63ced78a113c17544d684031f123ec989034fafd1f70c9f355efc02fccde5
-
SSDEEP
6144:dRlT6MDdbICydeBV9suqPmlF62y6hmA1D0tUt:dRT4uqPmH6Da1D5t
Score
10/10
Malware Config
Extracted
Family
44caliber
C2
https://discord.com/api/webhooks/1338833550199492618/rw2c6QUr58msenoKNKsg8ZLDsVFUzkO7iGhk2kE6ipUW1tOa4RuHOLFqDfRB05yiIfWD
Signatures
-
44Caliber
An open source infostealer written in C#.
-
44Caliber family
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Insidious.exe"C:\Users\Admin\AppData\Local\Temp\Insidious.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1704 -s 11922⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
328KB
-
Filesize
9.9MB
-
Filesize
9.9MB