General
-
Target
NitroGenerator.rar
-
Size
18.2MB
-
Sample
240220-zntzaafd27
-
MD5
0f9fdadb340f36684255eb9fe32d0364
-
SHA1
14dcdefef70f7e443c4f38a1f9333b8d7b5e2a94
-
SHA256
40f7c20cde14d5158e027a6c4adbc0cd1fcbf1d627a4d25cb09bdaafab3d103a
-
SHA512
988a874443d1439fe939441940c39ce96294d1e6d035029c57e8a10c315c6206fb0e67ae83b2b920ebe91b1f16f029f21474ac1d395972df4237d62c83084ad9
-
SSDEEP
393216:/ijswMe8CX5P7uuaPTrDZimg5mEDXt3IPrce7G7Ci3thnsLuAWWUg/V2zs:qj4jkbaPTHZimg59Tt3IPRG7C8fnsLuQ
Behavioral task
behavioral1
Sample
Nitro Generator.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Nitro Generator.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
install_python.bat
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
install_python.bat
Resource
win10v2004-20231215-en
Malware Config
Targets
-
Target
Nitro Generator.exe
-
Size
18.4MB
-
MD5
8e3e0737df3744affe6aa9cc8c0bacc4
-
SHA1
726d05d5b06a39216dab21facdc2e27705465cb4
-
SHA256
178cc31882e0b7a11319e3015372c5df5d41447000eff58c60167d0225043fdb
-
SHA512
5b07d366fc15633a555d8e7314e0220201de873a1991f47a81082adc4e6c4682b4e3792fa6bea74c0418d4aabd6c048c41ff79666ff5dda6e1958f0fa66f899f
-
SSDEEP
393216:hqPnLFXlrvoQ8DOETgsPWgfGFGgLlvEqBALr6q:IPLFXNwQhEOmkaHLv
Score 7/10
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Target
install_python.bat
-
Size
686B
-
MD5
f30718a354e7cc104ea553ce5ae2d486
-
SHA1
3876134e6b92da57a49d868013ed35b5d946f8fd
-
SHA256
94008c8135d149fecd29ca62aded487f0fbfa6af893596ffc3e4b621a0fe4966
-
SHA512
601b2256ea709a885741f1dec5c97dda6fb7fd4e485b4afac3503af1aefe73472e5bc5529c144814a3defbc0b51ac4b50e02a50dccc69b41ee5d87a3f4282874
Score 8/10
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Registers COM server for autorun
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-