Overview

overview

10

Static

static

10

forcenitro2.7.exe

windows7_x64

7

forcenitro2.7.exe

windows7_x64

7

forcenitro2.7.exe

windows7_x64

7

forcenitro2.7.exe

windows11_x64

8

forcenitro2.7.exe

windows10_x64

10

forcenitro2.7.exe

windows10_x64

7

forcenitro2.7.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    forcenitro2.7.exe

  • Size

    123.3MB

  • Sample

    211028-t3z6ysgffr

  • MD5

    3fc886fc28c6d6973ed8a54da490153e

  • SHA1

    89173cdbbc18d8af60f0c35b471c7fb850e81420

  • SHA256

    0137f1a746d2a74f35d557bafb233dc8cdcb602731d4de0f7e083fb12e0d80d5

  • SHA512

    d939a5075dfce9f7e229f2377236e49b94fad584b7979cdc6799ad200a78f9ff971556ac6f873aacedf95ea2337a6ca4216222c34f9c30f575be5892c43110d2

Score
10/10
discordstealerpersistencepyinstallerspywarestealertrojan

Malware Config

Targets

    • Target

      forcenitro2.7.exe

    • Size

      123.3MB

    • MD5

      3fc886fc28c6d6973ed8a54da490153e

    • SHA1

      89173cdbbc18d8af60f0c35b471c7fb850e81420

    • SHA256

      0137f1a746d2a74f35d557bafb233dc8cdcb602731d4de0f7e083fb12e0d80d5

    • SHA512

      d939a5075dfce9f7e229f2377236e49b94fad584b7979cdc6799ad200a78f9ff971556ac6f873aacedf95ea2337a6ca4216222c34f9c30f575be5892c43110d2

    Score
    10/10
    persistencespywarestealer

    • Registers COM server for autorun

      persistence

    • Sets service image path in registry

      persistence

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks