Overview

overview

10

Static

static

3

BootstrapperNew.exe

windows10-ltsc_2021-x64

10

BootstrapperNew.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BootstrapperNew.exe

  • Size

    11.8MB

  • Sample

    250410-nm2f7azvhw

  • MD5

    00bf4984f80c066ce8f4ecaa93c337bb

  • SHA1

    4662aa890e8a64ead9b9f5b5129fae3ca0c5b60e

  • SHA256

    952ad6a684a3c4bbc00494926a933c68707b80ead10eab3f096d252d9d054e9a

  • SHA512

    f716f2675fa5d506e9d220dea8555c9133af43149fdfb484eaa5f1456446aea15faae78e4dd2162a27e7bf22cee95a369a8e299117ebb1d7627a178b0909799e

  • SSDEEP

    196608:WboBI6F8e90gAT7Mad+xxaCSoh3Buv+6tA56+wDHBV7NeHExxX:Wb4P4T7MTxkC1Sv+UA58DHLi

Score
10/10
44caliberdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealer

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1324859273448128522/35NX8pTWSAG9BYKMS0plx5Cvuvs_8H5JGZj2A702Gn1FEZ64KTjaAl3gNKdJNc1eYdeY

Targets

    • Target

      BootstrapperNew.exe

    • Size

      11.8MB

    • MD5

      00bf4984f80c066ce8f4ecaa93c337bb

    • SHA1

      4662aa890e8a64ead9b9f5b5129fae3ca0c5b60e

    • SHA256

      952ad6a684a3c4bbc00494926a933c68707b80ead10eab3f096d252d9d054e9a

    • SHA512

      f716f2675fa5d506e9d220dea8555c9133af43149fdfb484eaa5f1456446aea15faae78e4dd2162a27e7bf22cee95a369a8e299117ebb1d7627a178b0909799e

    • SSDEEP

      196608:WboBI6F8e90gAT7Mad+xxaCSoh3Buv+6tA56+wDHBV7NeHExxX:Wb4P4T7MTxkC1Sv+UA58DHLi

    Score
    10/10
    44caliberdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealer

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • 44Caliber family

      44caliber

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Modifies Windows Firewall

      defense_evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1
T1091

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Replication Through Removable Media

1
T1091

Collection

Data from Local System

2
T1005

Command and Control

Exfiltration

Impact

Tasks