82a1371c11aec9e8090bb454b1e82325600f090c281f9035478f39ed2c5e1f98 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Nitro Giveaway.exe

windows7-x64

9

Nitro Giveaway.exe

windows10-2004-x64

9

Sharing

General

Target

Nitro Giveaway.exe
Size

4.5MB
Sample

230723-3leclahf3s
MD5

ac1c1e0f6655f7e96cc0462892b3ed6d
SHA1

115c61abbfab4adad6cd9ac43f9c3cd843419371
SHA256

82a1371c11aec9e8090bb454b1e82325600f090c281f9035478f39ed2c5e1f98
SHA512

0ed002fc47d48775880fe429ca17f8c8afda85d9baee826470ddf4be276071cfbc39cb2801c6c114a2121adbbfe98385a4f78dc5b083d3ee8fd81619132fdf89
SSDEEP

98304:TQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:KzUcwti7TQlF3ZxxWJSUnDv

Score

10^/10

spyware stealer upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Nitro Giveaway.exe

Resource

win7-20230712-en

spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Nitro Giveaway.exe

Resource

win10v2004-20230703-en

spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  Nitro Giveaway.exe
- Size
  
  4.5MB
- MD5
  
  ac1c1e0f6655f7e96cc0462892b3ed6d
- SHA1
  
  115c61abbfab4adad6cd9ac43f9c3cd843419371
- SHA256
  
  82a1371c11aec9e8090bb454b1e82325600f090c281f9035478f39ed2c5e1f98
- SHA512
  
  0ed002fc47d48775880fe429ca17f8c8afda85d9baee826470ddf4be276071cfbc39cb2801c6c114a2121adbbfe98385a4f78dc5b083d3ee8fd81619132fdf89
- SSDEEP
  
  98304:TQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:KzUcwti7TQlF3ZxxWJSUnDv
Score

9^/10

spyware stealer upx
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

spywarestealerupx

© 2018-2025

Terms | Privacy