General

  • Target

    Nitro Gen.exe

  • Size

    148KB

  • Sample

    230526-lmh9haeg95

  • MD5

    17815d9ae8c91fee989f811e9b9a3bc3

  • SHA1

    a6e78f9138abc15f0d5a2067accda1c3254da1d8

  • SHA256

    be9a5bba46a92a1078ab1c456d13fa49bc6fbc07cf0730026a1f4a9a647d9872

  • SHA512

    55ac5e2f1626bd1af2fff8f15b6600a53e31bd5da50a61440e94a273a6ec064ab9bb420e092c37fe82e064acd5aeea2e0ac7276d1525c9aeef5548ce8df9e230

  • SSDEEP

    3072:nc0hZB9EkCA9ideUq5MzMDJsqjMD4GI4+:c0ZIpEAMD+ISR+

Targets

    • RevengeRAT

      Remote-access trojan with a wide range of capabilities.

    • RevengeRat Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Adds Run key to start application
