Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Nitro Generator.exe

windows7-x64

7

Nitro Generator.exe

windows10-2004-x64

7

install_python.bat

windows7-x64

1

install_python.bat

windows10-2004-x64

8

Resubmissions

20/02/2024, 20:52

240220-zntzaafd27 10

20/02/2024, 20:43

240220-zhst2afc62 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NitroGenerator.rar

  • Size

    18.2MB

  • Sample

    240220-zntzaafd27

  • MD5

    0f9fdadb340f36684255eb9fe32d0364

  • SHA1

    14dcdefef70f7e443c4f38a1f9333b8d7b5e2a94

  • SHA256

    40f7c20cde14d5158e027a6c4adbc0cd1fcbf1d627a4d25cb09bdaafab3d103a

  • SHA512

    988a874443d1439fe939441940c39ce96294d1e6d035029c57e8a10c315c6206fb0e67ae83b2b920ebe91b1f16f029f21474ac1d395972df4237d62c83084ad9

  • SSDEEP

    393216:/ijswMe8CX5P7uuaPTrDZimg5mEDXt3IPrce7G7Ci3thnsLuAWWUg/V2zs:qj4jkbaPTHZimg59Tt3IPRG7C8fnsLuQ

Score
10/10
empyreandiscoverypersistencepyinstallerupx

Malware Config

Targets

    • Target

      Nitro Generator.exe

    • Size

      18.4MB

    • MD5

      8e3e0737df3744affe6aa9cc8c0bacc4

    • SHA1

      726d05d5b06a39216dab21facdc2e27705465cb4

    • SHA256

      178cc31882e0b7a11319e3015372c5df5d41447000eff58c60167d0225043fdb

    • SHA512

      5b07d366fc15633a555d8e7314e0220201de873a1991f47a81082adc4e6c4682b4e3792fa6bea74c0418d4aabd6c048c41ff79666ff5dda6e1958f0fa66f899f

    • SSDEEP

      393216:hqPnLFXlrvoQ8DOETgsPWgfGFGgLlvEqBALr6q:IPLFXNwQhEOmkaHLv

    Score
    7/10
    upx

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      install_python.bat

    • Size

      686B

    • MD5

      f30718a354e7cc104ea553ce5ae2d486

    • SHA1

      3876134e6b92da57a49d868013ed35b5d946f8fd

    • SHA256

      94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966

    • SHA512

      601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874

    Score
    8/10
    discoverypersistence

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks