General
Target: forcenitro2.4.1.exe
Size: 78.9MB
Sample: 210811-xz68vqv7ej
MD5: d292c1fe9f36882b01bd70a2b0aa391c
SHA1: 72b0aa6d32e09ced66a3c10414e02e84569e009e
SHA256: a5c3478916ed2c028f824b22b73fc10699be8640b308e5986b7490a1ac818da3
SHA512: 138acc03b072806327f03ab6149d2ca86e53ceee33420362047a2e86c800d6c7aaa21401c0a8c2eae627e42f17b2afb6a58e0a6a9eddffa2b330a85bf31a91e6
Static task: static1
Behavioral task: behavioral1
Sample: forcenitro2.4.1.exe
Resource: win7v20210410
Malware Config
Targets
Target: forcenitro2.4.1.exe
- Drops startup file
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger