General
Target: NitroGift.exe
Size: 13.0MB
Sample: 230711-qy359sae21
MD5: 4844a731d2261069aef12777f18cf59e
SHA1: 2d5a1d27bca288b7488ee8a610283044758fb7d7
SHA256: 1dd9011c7f2faccae6b075e26c6c63977ef29ae1b761e6ba0a2479dc8a3de01e
SHA512: 10641e034b6f8551f9beb7d34f61e55bfb9b40802c8278561a141ea141c528a98173de99f4b0b95a81f2b386d0f3ee7963e2d9410dabac51918d6b4d0fdfc1f6
SSDEEP: 196608:dYfwccBDzf4LBIP6tdQmRJ8dA6lSuVaycBIGpEKo6hTOv+QKf0f4bOUfGlEf07O8:Xcszf490SdQuslSl9DoWOv+9fA4UEf
Behavioral tasks
- behavioral1: Sample NitroGift.exe, Resource win7-20230703-en
- behavioral2: Sample NitroGift.exe, Resource win10v2004-20230703-en
- behavioral3: Sample main.pyc, Resource win7-20230703-en
- behavioral4: Sample main.pyc, Resource win10v2004-20230703-en
Malware Config
Targets
Target: NitroGift.exe
Size: 13.0MB
MD5: 4844a731d2261069aef12777f18cf59e
SHA1: 2d5a1d27bca288b7488ee8a610283044758fb7d7
SHA256: 1dd9011c7f2faccae6b075e26c6c63977ef29ae1b761e6ba0a2479dc8a3de01e
SHA512: 10641e034b6f8551f9beb7d34f61e55bfb9b40802c8278561a141ea141c528a98173de99f4b0b95a81f2b386d0f3ee7963e2d9410dabac51918d6b4d0fdfc1f6
SSDEEP: 196608:dYfwccBDzf4LBIP6tdQmRJ8dA6lSuVaycBIGpEKo6hTOv+QKf0f4bOUfGlEf07O8:Xcszf490SdQuslSl9DoWOv+9fA4UEf
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.

Target: main.pyc
Size: 29KB
MD5: 6a99bfecfca3d302c5e84fcffc17c2cb
SHA1: e5ba4fbec7b12250114283f59f3ec6f63fcb6541
SHA256: 9c63041462f5807702cf3db884ae1e45f76a3ee9ed601439734f1864a0ac47d2
SHA512: 3a51941b73893a1d69f5897cc4a61ed8f74b51a304ec5286daa713cd842c225849d85f97b5f504a101e1446af982de6e1fbe7e1433697b17b57596adb8274b5f
SSDEEP: 768:pivl0d5jYDAlk+qA+GPiNq2V7OpIVFRvHr2phHPU+ImEKQlw7cC8kHC:kexjiqgSyVPVmVQlRii

Score: 3/10