Behavioral task
behavioral1
Sample
NitroGen V15.exe
Resource
win10v2004-20220812-en
General
Target
NitroGen V15.exe
Size
4.0MB
MD5
4fdc85ca0f6c4fe9f3d91e20e43ee0f5
SHA1
eb42f4532e9e3b156acebfa2cda0dcd8373f10d7
SHA256
ad19b8b4bbe705b4733357bfe3c38d99e6d77aff57e7830e2e4bc473efa44ae0
SHA512
32d4f5a4fd3a902d2d3f75133c093c1999c44f249e38051253d55c63690316edfa19ecf9e9792804afc5a756cefa442fb27fd289b5c0772ce9f06c442b94d9be
SSDEEP
98304:H0T+Srp3YVrsk9N8ivyhAdsPSQxLxsnWJLXq0f4ogdCybSKCtm5jKPmNn1c:GfSVN8iNISOlJzqwU6K4
Malware Config
Signatures
Nirsoft 1 IoCs
Processes:
resource: sample, yara_rule: Nirsoft

StormKitty payload 1 IoCs
Processes:
resource: sample, yara_rule: family_stormkitty

Stormkitty family

NirSoft WebBrowserPassView 1 IoCs
Password recovery tool for various web browsers
Processes:
resource: sample, yara_rule: WebBrowserPassView
Files
NitroGen V15.exe.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 150KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ