Overview

overview

7

Static

static

3

forcenitro2.4.1.exe

windows7_x64

7

forcenitro2.4.1.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    forcenitro2.4.1.exe

  • Size

    78.9MB

  • Sample

    210811-xz68vqv7ej

  • MD5

    d292c1fe9f36882b01bd70a2b0aa391c

  • SHA1

    72b0aa6d32e09ced66a3c10414e02e84569e009e

  • SHA256

    a5c3478916ed2c028f824b22b73fc10699be8640b308e5986b7490a1ac818da3

  • SHA512

    138acc03b072806327f03ab6149d2ca86e53ceee33420362047a2e86c800d6c7aaa21401c0a8c2eae627e42f17b2afb6a58e0a6a9eddffa2b330a85bf31a91e6

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      forcenitro2.4.1.exe

    • Size

      78.9MB

    • MD5

      d292c1fe9f36882b01bd70a2b0aa391c

    • SHA1

      72b0aa6d32e09ced66a3c10414e02e84569e009e

    • SHA256

      a5c3478916ed2c028f824b22b73fc10699be8640b308e5986b7490a1ac818da3

    • SHA512

      138acc03b072806327f03ab6149d2ca86e53ceee33420362047a2e86c800d6c7aaa21401c0a8c2eae627e42f17b2afb6a58e0a6a9eddffa2b330a85bf31a91e6

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks