44caliber | c75b299ee8d5af6943de2b98cd9d36389cf7f98cd36e68239afd520e5bbfec52 | Triage

Sharing

General

Target

c75b299ee8d5af6943de2b98cd9d36389cf7f98cd36e68239afd520e5bbfec52
Size

11.1MB
Sample

250223-y2b5ysvpdz
MD5

f43381c52c7d3eab6347894ff1bf6d35
SHA1

097a6a49f8ba7c10d7cc0ddca69c5c9036fc5213
SHA256

c75b299ee8d5af6943de2b98cd9d36389cf7f98cd36e68239afd520e5bbfec52
SHA512

bd05ef1fc7279445fa9ad50dd2400aaf7bc2643c5d13cabca20204afeaa77a4ac36c99395765ba85df3f401762ccf002327bd99d92018e9db669654ee3c5c874
SSDEEP

196608:fFqdGKeCIfqQq1QsKW7nSxXJQTMypF24oTq8MyuSIoQIwunHpm7oDvqU9rvJSHgB:MGKeCnQq1QsKC9TxYbJuSIo/f9r0gyM

Score

10^/10

44caliber pyinstaller spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/1341705749000097873/Cm8XbJ9POoDIJFj-kHv4cNQ57rKrRSTTynrXpCZxyy6LbWHN-1RW5g-4NuUtr-gmtiFT

Targets

- Target
  
  c75b299ee8d5af6943de2b98cd9d36389cf7f98cd36e68239afd520e5bbfec52
- Size
  
  11.1MB
- MD5
  
  f43381c52c7d3eab6347894ff1bf6d35
- SHA1
  
  097a6a49f8ba7c10d7cc0ddca69c5c9036fc5213
- SHA256
  
  c75b299ee8d5af6943de2b98cd9d36389cf7f98cd36e68239afd520e5bbfec52
- SHA512
  
  bd05ef1fc7279445fa9ad50dd2400aaf7bc2643c5d13cabca20204afeaa77a4ac36c99395765ba85df3f401762ccf002327bd99d92018e9db669654ee3c5c874
- SSDEEP
  
  196608:fFqdGKeCIfqQq1QsKW7nSxXJQTMypF24oTq8MyuSIoQIwunHpm7oDvqU9rvJSHgB:MGKeCnQq1QsKC9TxYbJuSIo/f9r0gyM
Score

10^/10

44caliber pyinstaller spyware stealer
- 44Caliber
  An open source infostealer written in C#.
  stealer 44caliber
- 44Caliber family
  44caliber
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

44caliberpyinstallerspywarestealer

behavioral2

44caliberpyinstallerspywarestealer