General

  • Target

    nitro.codes.rar

  • Size

    12.2MB

  • Sample

    220919-qzy8psfbcl

  • MD5

    068bb7099c0b77bf2952813d5960110e

  • SHA1

    c1a353b84b9f090aa573e3b4401375a797df40c4

  • SHA256

    d8efbb980f9754d509f5e0936d31f23203c641445a4a64af29e24913902e3f91

  • SHA512

    6696755594323fe60b9aa4a30a324d2f63fa48fbf81eac342d0ac275363a77771b5a61ddbcfc3fc8e06a3195339feaf759c2472d631446b9126747fb5302ca24

  • SSDEEP

    196608:eNEQQRICYdKpaEKq1yOnSo4qXlnsLnMk+dIRoHE0kRwcCKN023UHfsJ2TpCEuhSN:EvUEolnMno7HGwcCKfUUipCGYUEK
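Before trusting the behaviours a sandbox attributes to a sample, confirm that the file in hand is the same artifact. The Python below is an added example, not part of this report: it streams a file through the standard hashlib algorithms and matches the result against the MD5/SHA-256 pairs this page lists for the archive and the two dropped executables. SSDEEP is a fuzzy hash outside the standard library and is deliberately left out; any catalog entries other than the three named here are constructed for the test.

```python
"""Identify a local file against the hash sets published in this report.

Added example; not part of the sandbox report. Uses only hashlib, so the
SSDEEP values on the page (fuzzy hashes, third-party `ssdeep` package) are
not checked.
"""
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# MD5 and SHA-256 copied from the report for each listed artifact. Add the
# SHA-1/SHA-512 values to an entry if you also want them compared.
REPORTED = {
    "nitro.codes.rar": {
        "md5": "068bb7099c0b77bf2952813d5960110e",
        "sha256": "d8efbb980f9754d509f5e0936d31f23203c641445a4a64af29e24913902e3f91",
    },
    "Nitro_Sniper.exe": {
        "md5": "a2f2af284ce9e3965222da1ab977af9c",
        "sha256": "2cec0e6be56e3885e310a082d1bafd4f7090a742406410d2cc0f70bedce41e87",
    },
    "nitro-codes.txt.exe": {
        "md5": "9e1cc50d9c51709b3e17cd98575e9d4a",
        "sha256": "b9c52a15f95bb32a8bb4a51f79dfae01962682d9445eda9e294090558c4f35bb",
    },
}


def digest_bytes(data, algorithms=ALGORITHMS):
    """Hash an in-memory blob with every requested algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in algorithms}


def digest_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Stream the file once and feed every hasher from the same chunk, so a
    12 MB archive is read a single time however many algorithms are asked for."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def compare(actual, expected):
    """Per-algorithm match over the algorithms present in both dicts.
    Hex case is normalised because reports and tools differ in casing."""
    return {a: actual[a] == expected[a].lower()
            for a in actual if a in expected}


def identify(actual, catalog=REPORTED):
    """Return the catalog entry whose every listed hash matches, else None.

    A partial match (one algorithm agrees, another disagrees) is treated as
    no match: it indicates a transcription error or a deliberate collision,
    and in either case the file must not be treated as the reported sample.
    """
    for name, expected in catalog.items():
        result = compare(actual, expected)
        if result and all(result.values()):
            return name
    return None


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, "->", identify(digest_file(path)))
```

Run it as `python identify.py nitro.codes.rar Nitro_Sniper.exe nitro-codes.txt.exe`; a `None` result for a file you believe is the sample means the copy differs from what the sandbox executed, and none of the behaviours below should be assumed to apply to it.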

Targets

    • Target

      Nitro_Sniper.exe

    • Size

      9.7MB

    • MD5

      a2f2af284ce9e3965222da1ab977af9c

    • SHA1

      685a07f6bb6df225a888688d066f6ed190819acd

    • SHA256

      2cec0e6be56e3885e310a082d1bafd4f7090a742406410d2cc0f70bedce41e87

    • SHA512

      a0ac0d30fd5024e9c66581c99d7cee715ebadab7b84c6cbb638137f80996923358a00215af0a49026e462db8fd00913f5edf527d0e9e9fdc67e3ddb6c8d773c2

    • SSDEEP

      196608:whuHx7dvW0bF7FoRE2nxICteEroXxWVfEqlbkkwR7VTEJ43duM6c1hTa6J7:Bd1FeREWxInEroXgfEqirRRoJ43db6oJ

    Score
    7/10
    • Loads dropped DLL

    • Target

      nitro-codes.txt.exe

    • Size

      2.8MB

    • MD5

      9e1cc50d9c51709b3e17cd98575e9d4a

    • SHA1

      32255215d4798b901118bcc940b74c93df568ba6

    • SHA256

      b9c52a15f95bb32a8bb4a51f79dfae01962682d9445eda9e294090558c4f35bb

    • SHA512

      09fd0778265bbd75dd0b468e778b1806ab44e62e514e29e1cd5dbd19262efded6d47741e8d156a9b791a9ecd4822b8c341be0a6d3a36930ab81fdfd509de8062

    • SSDEEP

      49152:FsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:TqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

    Score
    9/10
    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence that decides whether to run.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
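The signatures above describe what the sandbox observed, not how to find the same behaviour in your own telemetry. The Python below is an added example, not part of this report or of the sample, that maps each listed signature onto a check over constructed, Sysmon-style event records. The registry key, browser profile file names, IP-lookup hostnames, directories and the `helper.dll` name are assumptions about what typically triggers these signatures, not facts taken from this page; only the two executable names come from the report.

```python
"""Log-based checks for the behaviours listed in this sandbox report.

Added example; not part of the report. The registry key, browser profile
paths and IP-lookup hostnames are assumptions about the usual triggers of
each signature, not indicators observed for this sample.
"""
import re
from collections import defaultdict

# Assumed: the per-user locale key a geofencing check reads.
GEO_NATION_KEY = re.compile(r"Control Panel\\International\\Geo\\Nation$", re.I)

# Assumed: Chromium-family profile files holding saved logins, autofill, cookies.
BROWSER_SECRET_FILE = re.compile(
    r"\\User Data\\[^\\]+\\(Login Data|Web Data|Cookies)$", re.I
)

# Assumed: common "what is my IP" services a stealer may contact.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "ifconfig.me", "icanhazip.com",
    "checkip.amazonaws.com",
}


def analyse(events):
    """Return {signature_name: [evidence, ...]} for a list of event dicts.

    Event shapes (constructed for this example, loosely Sysmon-like):
      file_write {path}, process_create {image}, image_load {image},
      reg_query {key}, file_read {path}, dns_query {host}; all carry pid.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written to disk during the run
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif (kind == "image_load" and ev["image"].lower() in dropped
              and ev["image"].lower().endswith(".dll")):
            hits["Loads dropped DLL"].append(ev["image"])
        elif kind == "reg_query" and GEO_NATION_KEY.search(ev["key"]):
            hits["Checks computer location settings"].append(ev["key"])
        elif kind == "file_read" and BROWSER_SECRET_FILE.search(ev["path"]):
            hits["Reads user/profile data of web browsers"].append(ev["path"])
        elif kind == "dns_query" and ev["host"].lower() in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(ev["host"])
    return dict(hits)


def infostealer_indicated(hits):
    """Browser credential access plus an outbound lookup is the minimal pair
    worth escalating; each alone has routine benign explanations."""
    return ("Reads user/profile data of web browsers" in hits
            and "Looks up external IP address via web service" in hits)


# Constructed events modelled on the report's behaviours. Executable names
# reuse the report's targets; directories and helper.dll are assumed.
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 1200,
     "path": r"C:\Users\user\AppData\Local\Temp\nitro-codes.txt.exe"},
    {"type": "process_create", "pid": 1312,
     "image": r"C:\Users\user\AppData\Local\Temp\nitro-codes.txt.exe"},
    {"type": "file_write", "pid": 1312,
     "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 1312,
     "image": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "reg_query", "pid": 1312,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_read", "pid": 1312,
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "dns_query", "pid": 1312, "host": "api.ipify.org"},
    # Benign noise that must not match: the browser reading its own History.
    {"type": "file_read", "pid": 2000,
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History"},
]

if __name__ == "__main__":
    found = analyse(SAMPLE_EVENTS)
    for name, evidence in found.items():
        print(f"{name}: {evidence}")
    print("escalate:", infostealer_indicated(found))
```

The "dropped" tracking is what separates these checks from a plain path blocklist: an executable or DLL is only flagged when the same run wrote it to disk first, which is the condition behind the report's "Executes dropped EXE" and "Loads dropped DLL" lines and keeps normal installer activity from matching.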
