General

  • Target

    t4BWzC6A

  • Size

    2KB

  • Sample

    250306-z623lsykx7

  • MD5

    cd002c8ef5659d9dbb8f30f34836b2da

  • SHA1

    3407f22d2861a6bc52e1965c351d15d30f7afe17

  • SHA256

    b3bf563ca975578305761e8d8d3504d435f723c50c1eeac39201a7a4cae38c9f

  • SHA512

    851d2aea7fddb15a3d9c20c290edcde01ff79ce7bebfd8ac6c207cafacbd9730df9f48ccdc3d7730cffbc6f692de8d5acab47212b9acd43340d5822c5f039429

Malware Config

Extracted

  • Family

    44caliber

  • C2

    https://discord.com/api/webhooks/1347311238199115828/9pxHRYzq6qBzX8q3T9vQdGd3AZPYUUuV4qmR9eSmzV1WIj-4MOxwY1LtqTwWutvzsQUZ

Targets

    • 44Caliber

      An open source infostealer written in C#.

    • 44Caliber family

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
