44caliber | Insidious[.]exe | Triage

Sharing

General

Target

Insidious.exe
Size

303KB
MD5

c43ddb1e9fd0b8f0c9c641dac61602f1
SHA1

b2da3dda97fb4d3244c8c29613b1cd36bec3b694
SHA256

8160930de4b082c7f57d69f9d5cbe8f820d9054f20b4b11bacbd318cdd4b6552
SHA512

ec26ab1b75a99d5bf05191d74aa688fce7689f4929f1da297693035fdaf4bd74aa43126e70fb93612a5e0c5e720213bf6d8c6d9906ff038827f8283ad3381064
SSDEEP

6144:hXt3T6MDdbICydeBimcmXKhJUPawkmA1D04+g:hXttpcmXKnUSJ1DCg

Score

10^/10

44caliber

Malware Config

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1359941830325833781/Ee-iVoBJXHU7iXknLWKE1DQbAdhfEQ1EBs0-nU-V0FMyVWSdYMlkvENsrU--COpQB_Al

Signatures

44caliber family
44caliber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Insidious.exe

Files

Insidious.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\spudy\Desktop\44CALIBER-main\44CALIBER\obj\Debug\Insidious.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ