General
-
Target
NitroGen V15.exe
-
Size
4.0MB
-
Sample
230205-vygz9adf4w
-
MD5
4fdc85ca0f6c4fe9f3d91e20e43ee0f5
-
SHA1
eb42f4532e9e3b156acebfa2cda0dcd8373f10d7
-
SHA256
ad19b8b4bbe705b4733357bfe3c38d99e6d77aff57e7830e2e4bc473efa44ae0
-
SHA512
32d4f5a4fd3a902d2d3f75133c093c1999c44f249e38051253d55c63690316edfa19ecf9e9792804afc5a756cefa442fb27fd289b5c0772ce9f06c442b94d9be
-
SSDEEP
98304:H0T+Srp3YVrsk9N8ivyhAdsPSQxLxsnWJLXq0f4ogdCybSKCtm5jKPmNn1c:GfSVN8iNISOlJzqwU6K4
Behavioral task
behavioral1
Sample
NitroGen V15.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
NitroGen V15.exe
-
Score
10/10
-
StormKitty payload
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-