General

  • Target

    Nitro_Generator.exe

  • Size

    28MB

  • Sample

    220520-rxzxwsgfb8

  • MD5

    3a6cab4577a89bef32be87410e96ea02

  • SHA1

    b9fcb24886ce126e434e4f96088b21ce312e676b

  • SHA256

    4b1a49b284fab91c0da063aa2ef01b18dd9ac128b9c17778b32ed690504064a7

  • SHA512

    38f1d387a05d1d418179912dc21cdaabbca6871f375d884be4b98241ce542aec21554fcc6e5537307ed2d30e4902c4df9a9057d98de0e617edd65ea86051da51

Malware Config

Targets

    Score: 7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 1 matching signature

  • Collection: Data from Local System (T1005), 1 matching signature

  • Command and Control: Web Service (T1102), 1 matching signature
