Extracted

• • Target

    e20f2a6dcc54524c456a339dc0d4d6d943f115980ae3959f83c6796becdce8cd.exe

  • Size

    586KB

  • MD5

    5baa2d8574f45208fcefb8eef68733f5

  • SHA1

    15fe222ddfebc44946f39be2aaf06ca1eb2f76f7

  • SHA256

    e20f2a6dcc54524c456a339dc0d4d6d943f115980ae3959f83c6796becdce8cd

  • SHA512

    40457ddb05cbd5bae8d8dce7dfcb5fe5e482cfe591a9cc9455a7f8c406a4c887b21fbb71ab27b1eaa1e112392f61bdb6a6729d6203c7977eaa99770c630f27c8

  • SSDEEP

    12288:eKry2/qZXzmLT+tGHAioNRwhEGATZNjwgRcnSR/iCo2SgQ:5ry2uXzmDgio4hE3j/NR/iCjLQ

  Score

  10^/10

  44caliberdiscoveryspywarestealer

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber

  • 44Caliber family

    44caliber

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2