Overview
overview: 10
static: 10
NitroGenerator.rar (windows7-x64): 7
NitroGenerator.rar (windows10-2004-x64): 8
Nitro Generator.exe (windows7-x64): 7
Nitro Generator.exe (windows10-2004-x64): 7
main.pyc (windows7-x64): 3
main.pyc (windows10-2004-x64): 3
ReadMe.txt (windows7-x64): 1
ReadMe.txt (windows10-2004-x64): 1
install_python.bat (windows7-x64): 1
install_python.bat (windows10-2004-x64): 8
General
Target: NitroGenerator.rar
Size: 18.2MB
Sample: 240220-zhst2afc62
MD5: 0f9fdadb340f36684255eb9fe32d0364
SHA1: 14dcdefef70f7e443c4f38a1f9333b8d7b5e2a94
SHA256: 40f7c20cde14d5158e027a6c4adbc0cd1fcbf1d627a4d25cb09bdaafab3d103a
SHA512: 988a874443d1439fe939441940c39ce96294d1e6d035029c57e8a10c315c6206fb0e67ae83b2b920ebe91b1f16f029f21474ac1d395972df4237d62c83084ad9
SSDEEP: 393216:/ijswMe8CX5P7uuaPTrDZimg5mEDXt3IPrce7G7Ci3thnsLuAWWUg/V2zs:qj4jkbaPTHZimg59Tt3IPRG7C8fnsLuQ
Behavioral task behavioral1 | Sample: NitroGenerator.rar | Resource: win7-20231215-en
Behavioral task behavioral2 | Sample: NitroGenerator.rar | Resource: win10v2004-20240220-en
Behavioral task behavioral3 | Sample: Nitro Generator.exe | Resource: win7-20231215-en
Behavioral task behavioral4 | Sample: Nitro Generator.exe | Resource: win10v2004-20231215-en
Behavioral task behavioral5 | Sample: main.pyc | Resource: win7-20231215-en
Behavioral task behavioral6 | Sample: main.pyc | Resource: win10v2004-20240220-en
Behavioral task behavioral7 | Sample: ReadMe.txt | Resource: win7-20231129-en
Behavioral task behavioral8 | Sample: ReadMe.txt | Resource: win10v2004-20231215-en
Behavioral task behavioral9 | Sample: install_python.bat | Resource: win7-20231215-en
Behavioral task behavioral10 | Sample: install_python.bat | Resource: win10v2004-20231215-en
Malware Config
Targets
Target: NitroGenerator.rar
Score: 8/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Target: Nitro Generator.exe
Size: 18.4MB
MD5: 8e3e0737df3744affe6aa9cc8c0bacc4
SHA1: 726d05d5b06a39216dab21facdc2e27705465cb4
SHA256: 178cc31882e0b7a11319e3015372c5df5d41447000eff58c60167d0225043fdb
SHA512: 5b07d366fc15633a555d8e7314e0220201de873a1991f47a81082adc4e6c4682b4e3792fa6bea74c0418d4aabd6c048c41ff79666ff5dda6e1958f0fa66f899f
SSDEEP: 393216:hqPnLFXlrvoQ8DOETgsPWgfGFGgLlvEqBALr6q:IPLFXNwQhEOmkaHLv
Score: 7/10
- Loads dropped DLL
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Target: main.pyc
Size: 7KB
MD5: b33e789919a3801c201fb2c17bd744a9
SHA1: 8365695238610c5ba2f03290b06ddb9c5d33b85a
SHA256: 9da7fe9380f22e844796634d452cbf79eeeda19362effece2c5a83dbb7654bf9
SHA512: fc331c7745f68d15b69a90e04f777ef6b28de19407c756363b89eae81e0de9c1b77bbcfe009f38ebad68fffec6f99257a6f99025388a101aaa1138d9d05a1c3e
SSDEEP: 192:w7ITEATD86MSWdXwnB69aF0GTeJhwXgGMdwnwGnw:n7HWun09H2ZPwGw
Score: 3/10
Target: ReadMe.txt
Size: 766B
MD5: 7a571e9af2c6b8ea02e471352bd193a8
SHA1: a0e24ce1dfe04353171c50db9b8e286a4269bf55
SHA256: a003522f736164bb4582cbb08140b2bacc3665cff1a998b63d2fd420b2317b0a
SHA512: 6639dc4fc6eb68f4e3c5bb88e311f39be86448f764fab3ecc34d4bf777f1d7f5fae0e6de14a4229f92343a01d2d873e1749d39ae63632c5507535c99d21b274d
Score: 1/10
Target: install_python.bat
Size: 686B
MD5: f30718a354e7cc104ea553ce5ae2d486
SHA1: 3876134e6b92da57a49d868013ed35b5d946f8fd
SHA256: 94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966
SHA512: 601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874
Score: 8/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.