47d9f0523c4d265c69f5ef69536b29643b7d8df31eeed4792498da3da723d949 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nitro_gen.zip
Size

7.5MB
Sample

240221-pcklcsfa2w
MD5

c10c3905b7af673ea8eb38f853452fe4
SHA1

670ac4245e920a651ca7f922eb37df2e6b97b577
SHA256

47d9f0523c4d265c69f5ef69536b29643b7d8df31eeed4792498da3da723d949
SHA512

1bfb4b7f6560f04a513a7365f13185b998c8e5f4ad441279828a255f4c997e4d4f405a9ed3e9cbb6b386c4745b3637a5982d0e27b1a32b5e2209cd149b71916a
SSDEEP

196608:wE2rYiQxfUbCorQWOweW+GfjQLnrtqHnB6:wrQxfUOorQWOtiQjQHnB6

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  nitro_gen.exe
- Size
  
  7.7MB
- MD5
  
  1c11f5e1acaae8868fbdf1dc898df480
- SHA1
  
  d8cd4078160284eeefbc5e496155c36d1de41aae
- SHA256
  
  58b4834b92cee93bce50421228a766a69a057bc9b9600b34b7a46974fb72e9e9
- SHA512
  
  8f5722959e97944f376b449ece1b8378ed7c0add49400b54aaf54f19505e87bc776fd4adeb7aa5f304a7c970461b7d44aeba8b0cd24248bea46552a1bb6a8e63
- SSDEEP
  
  196608:c1IVOq/Bg9iZl3BqVPpAgyc2acnhcPQwjQwX7966QdkF1ZEv:c1IVOq/BXtBqVPpAs2auc4FYtQdE16
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2