Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

NitroGenerator.rar

windows7-x64

7

NitroGenerator.rar

windows10-2004-x64

8

Nitro Generator.exe

windows7-x64

7

Nitro Generator.exe

windows10-2004-x64

7

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

ReadMe.txt

windows7-x64

1

ReadMe.txt

windows10-2004-x64

1

install_python.bat

windows7-x64

1

install_python.bat

windows10-2004-x64

8

Resubmissions

20/02/2024, 20:52

240220-zntzaafd27 10

20/02/2024, 20:43

240220-zhst2afc62 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NitroGenerator.rar

  • Size

    18.2MB

  • Sample

    240220-zhst2afc62

  • MD5

    0f9fdadb340f36684255eb9fe32d0364

  • SHA1

    14dcdefef70f7e443c4f38a1f9333b8d7b5e2a94

  • SHA256

    40f7c20cde14d5158e027a6c4adbc0cd1fcbf1d627a4d25cb09bdaafab3d103a

  • SHA512

    988a874443d1439fe939441940c39ce96294d1e6d035029c57e8a10c315c6206fb0e67ae83b2b920ebe91b1f16f029f21474ac1d395972df4237d62c83084ad9

  • SSDEEP

    393216:/ijswMe8CX5P7uuaPTrDZimg5mEDXt3IPrce7G7Ci3thnsLuAWWUg/V2zs:qj4jkbaPTHZimg59Tt3IPRG7C8fnsLuQ

Score
10/10
empyreandiscoverypersistencepyinstallerupx

Malware Config

Targets

    • Target

      NitroGenerator.rar

    • Size

      18.2MB

    • MD5

      0f9fdadb340f36684255eb9fe32d0364

    • SHA1

      14dcdefef70f7e443c4f38a1f9333b8d7b5e2a94

    • SHA256

      40f7c20cde14d5158e027a6c4adbc0cd1fcbf1d627a4d25cb09bdaafab3d103a

    • SHA512

      988a874443d1439fe939441940c39ce96294d1e6d035029c57e8a10c315c6206fb0e67ae83b2b920ebe91b1f16f029f21474ac1d395972df4237d62c83084ad9

    • SSDEEP

      393216:/ijswMe8CX5P7uuaPTrDZimg5mEDXt3IPrce7G7Ci3thnsLuAWWUg/V2zs:qj4jkbaPTHZimg59Tt3IPRG7C8fnsLuQ

    Score
    8/10
    pyinstallerupxdiscoverypersistence

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      Nitro Generator.exe

    • Size

      18.4MB

    • MD5

      8e3e0737df3744affe6aa9cc8c0bacc4

    • SHA1

      726d05d5b06a39216dab21facdc2e27705465cb4

    • SHA256

      178cc31882e0b7a11319e3015372c5df5d41447000eff58c60167d0225043fdb

    • SHA512

      5b07d366fc15633a555d8e7314e0220201de873a1991f47a81082adc4e6c4682b4e3792fa6bea74c0418d4aabd6c048c41ff79666ff5dda6e1958f0fa66f899f

    • SSDEEP

      393216:hqPnLFXlrvoQ8DOETgsPWgfGFGgLlvEqBALr6q:IPLFXNwQhEOmkaHLv

    Score
    7/10
    upx

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3behavioral4

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      b33e789919a3801c201fb2c17bd744a9

    • SHA1

      8365695238610c5ba2f03290b06ddb9c5d33b85a

    • SHA256

      9da7fe9380f22e844796634d452cbf79eeeda19362effece2c5a83dbb7654bf9

    • SHA512

      fc331c7745f68d15b69a90e04f777ef6b28de19407c756363b89eae81e0de9c1b77bbcfe009f38ebad68fffec6f99257a6f99025388a101aaa1138d9d05a1c3e

    • SSDEEP

      192:w7ITEATD86MSWdXwnB69aF0GTeJhwXgGMdwnwGnw:n7HWun09H2ZPwGw

    Score
    3/10
    behavioral5behavioral6

    • Target

      ReadMe.txt

    • Size

      766B

    • MD5

      7a571e9af2c6b8ea02e471352bd193a8

    • SHA1

      a0e24ce1dfe04353171c50db9b8e286a4269bf55

    • SHA256

      a003522f736164bb4582cbb08140b2bacc3665cff1a998b63d2fd420b2317b0a

    • SHA512

      6639dc4fc6eb68f4e3c5bb88e311f39be86448f764fab3ecc34d4bf777f1d7f5fae0e6de14a4229f92343a01d2d873e1749d39ae63632c5507535c99d21b274d

    Score
    1/10
    behavioral7behavioral8

    • Target

      install_python.bat

    • Size

      686B

    • MD5

      f30718a354e7cc104ea553ce5ae2d486

    • SHA1

      3876134e6b92da57a49d868013ed35b5d946f8fd

    • SHA256

      94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966

    • SHA512

      601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874

    Score
    8/10
    discoverypersistence

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral10behavioral9

MITRE ATT&CK Enterprise v15

Tasks