General
Target: forcenitro2.7.exe
Size: 123.3MB
Sample: 211028-t4vb4agfgm
MD5: 3fc886fc28c6d6973ed8a54da490153e
SHA1: 89173cdbbc18d8af60f0c35b471c7fb850e81420
SHA256: 0137f1a746d2a74f35d557bafb233dc8cdcb602731d4de0f7e083fb12e0d80d5
SHA512: d939a5075dfce9f7e229f2377236e49b94fad584b7979cdc6799ad200a78f9ff971556ac6f873aacedf95ea2337a6ca4216222c34f9c30f575be5892c43110d2
Static task
static1

Behavioral tasks (all run the same sample, forcenitro2.7.exe, on a different VM resource)
- behavioral1: resource win7-ja-20210920
- behavioral2: resource win7-en-20211014
- behavioral3: resource win7-de-20210920
- behavioral4: resource win11
- behavioral5: resource win10-ja-20211014
- behavioral6: resource win10-en-20210920
- behavioral7: resource win10-de-20211014
Malware Config
None listed.

Targets
Target: forcenitro2.7.exe (123.3MB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Score: 10/10

Signatures
- Registers COM server for autorun (a COM server registration under a CLSID key is a persistence mechanism: the DLL or executable is loaded whenever that class is instantiated)
- Drops startup file (a file written to a Startup folder is run at user logon)
- Loads dropped DLL (a DLL the sample itself wrote to disk is then loaded into a process)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger (NtSetInformationThread with the ThreadHideFromDebugger information class is an anti-debugging technique: debug events from the calling thread are no longer delivered to an attached debugger)

Before relying on these behaviours for detection, confirm that the file you hold matches the hashes above; the signatures describe this sample as executed in the listed VM resources, and a differently packed build may behave differently.
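The signature names above are the report's; how Triage itself matches them is not shown on the page. As an added example (not code from the report, the sandbox or the sample), the script below runs a plain-language approximation of each of the six signatures over a handful of constructed sandbox-style events, so a triage analyst can see which artifacts each name corresponds to. The event format ("operation|target|value"), the trusted-path list, the GUID in the sample events and the set of IP lookup hostnames are all assumptions made for this example.

```python
"""Approximate the six report signatures over sandbox-style events.

Added example; not Triage's own detection logic. Events are constructed
for illustration and are not events recorded for this sample.
"""
import re
from collections import defaultdict

# Constructed events in an assumed "operation|target|value" form.
SAMPLE_EVENTS = [
    r"FileWrite|C:\Users\user\AppData\Local\Temp\helper.dll|",
    r"LoadLibrary|C:\Users\user\AppData\Local\Temp\helper.dll|",
    # Placeholder CLSID, not a real class identifier.
    r"RegSetValue|HKCU\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32\(Default)|C:\Users\user\AppData\Roaming\helper.dll",
    # A COM server that points at a Windows DLL: benign, must not be flagged.
    r"RegSetValue|HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32\(Default)|C:\Windows\System32\shell32.dll",
    r"FileWrite|C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk|",
    r"FileWrite|C:\Windows\System32\Tasks\update|",
    r"DnsQuery|api.ipify.org|",
    r"NtSetInformationThread|ThreadHideFromDebugger|",
]

# Assumed: server paths under these prefixes are treated as legitimate.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Assumed list of common public IP lookup services; extend as needed.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ip-api.com", "ifconfig.me"}
# Matches ...\CLSID\{guid}\InprocServer32 or \LocalServer32 (case-insensitive).
COM_SERVER_KEY = re.compile(r"\\clsid\\\{[0-9a-f-]{36}\}\\(inprocserver32|localserver32)\b", re.I)


def parse_event(line):
    """Split one event line into (operation, target, value)."""
    op, target, value = line.split("|", 2)
    return op, target, value


def triage(events):
    """Return {signature name: [matching event lines]} for the given events."""
    hits = defaultdict(list)
    written = set()  # paths the sample wrote, lowercased, in event order
    for line in events:
        op, target, value = parse_event(line)
        t, v = target.lower(), value.lower()
        if op == "FileWrite":
            written.add(t)
            if "\\start menu\\programs\\startup\\" in t:
                hits["Drops startup file"].append(line)
            if t.startswith("c:\\windows\\system32\\"):
                hits["Drops file in System32 directory"].append(line)
        elif op == "LoadLibrary" and t in written:
            # Only a DLL the sample wrote earlier counts as "dropped".
            hits["Loads dropped DLL"].append(line)
        elif op == "RegSetValue" and COM_SERVER_KEY.search(t) and not v.startswith(TRUSTED_PREFIXES):
            hits["Registers COM server for autorun"].append(line)
        elif op in ("DnsQuery", "HttpRequest") and t in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(line)
        elif op == "NtSetInformationThread" and t == "threadhidefromdebugger":
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(line)
    return dict(hits)


if __name__ == "__main__":
    for name, lines in triage(SAMPLE_EVENTS).items():
        print(name)
        for entry in lines:
            print("   ", entry)
```

The rules are deliberately narrow: a COM registration is only flagged when the server path lies outside the assumed trusted prefixes, and a DLL load only counts as "dropped" when a write to that path precedes it, so event order matters when you replay a real trace.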