Analysis
-
max time kernel
16s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
25/02/2025, 03:09 UTC
General
-
Target
ab8a843f20bcb1f3396ad5ada9e7219a41ee0096283cb8230dfb57e3196ca3b4N.exe
-
Size
303KB
-
MD5
148c735a6d5ed9319b5589f6f3da4370
-
SHA1
af665c2e1e8c6182c96a591cdb2fec6ba22e2b7b
-
SHA256
ab8a843f20bcb1f3396ad5ada9e7219a41ee0096283cb8230dfb57e3196ca3b4
-
SHA512
71771ba4c2c884ad0a33ea0cb7b9740cac4a958dd696a9a4ae965fb705307494a55678122c5d0796b01053baa636ca6e4e0e4a9f84c45e8aaba103bf6087e436
-
SSDEEP
6144:jT8T6MDdbICydeBbUoGYyo51ZfpvwrmA1D0oy9:jTq4oGYys1ZxvK1Du9
Score
10/10
Malware Config
Extracted
Family
44caliber
C2
https://discord.com/api/webhooks/1339959928726749206/zR7gpRGAWJs7CmuNiEfi7k7GbCXcAzsDQ-VSd5Os1J81s8ySI7nGZ3Oh8tUO-0iIcgIC
Signatures
-
44Caliber
An open source infostealer written in C#.
-
44Caliber family
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ab8a843f20bcb1f3396ad5ada9e7219a41ee0096283cb8230dfb57e3196ca3b4N.exe"C:\Users\Admin\AppData\Local\Temp\ab8a843f20bcb1f3396ad5ada9e7219a41ee0096283cb8230dfb57e3196ca3b4N.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3056 -s 11882⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
328KB
-
Filesize
9.9MB
-
Filesize
9.9MB