20ecc8d6a8738b7dc3bdd19c19c4348cb4206b4e7368d253d5516ccf07e90093

Sharing

Copy URL

Twitter E-mail

General

Target

Nitro-Generator-Set.up.exe
Size

81.1MB
Sample

240222-ksd2aseh4z
MD5

db733cae17902e56615b96ccb0d78118
SHA1

1fe12c5772e391ae35ceb277c073c9c08a0ec84f
SHA256

20ecc8d6a8738b7dc3bdd19c19c4348cb4206b4e7368d253d5516ccf07e90093
SHA512

54651152b864ea9c0b604e5f0f6358e8e3bbfce98ca3d59e172601ea62f345e85f379959c22f8ea60ff46aad0b8565fd468bf48d2d57778b0bd4bd79ec550933
SSDEEP

1572864:Z8l+n6TlBqUgNAKV+KDf1IYiQSRkEv6LJAWld6CSUc97WrQrOptIoT4pW:ZNn6TlBiAE+y/9GkBNADCS52QrOptGU

Score

7^/10

discovery

Malware Config

Targets

- Target
  
  Nitro-Generator-Set.up.exe
- Size
  
  81.1MB
- MD5
  
  db733cae17902e56615b96ccb0d78118
- SHA1
  
  1fe12c5772e391ae35ceb277c073c9c08a0ec84f
- SHA256
  
  20ecc8d6a8738b7dc3bdd19c19c4348cb4206b4e7368d253d5516ccf07e90093
- SHA512
  
  54651152b864ea9c0b604e5f0f6358e8e3bbfce98ca3d59e172601ea62f345e85f379959c22f8ea60ff46aad0b8565fd468bf48d2d57778b0bd4bd79ec550933
- SSDEEP
  
  1572864:Z8l+n6TlBqUgNAKV+KDf1IYiQSRkEv6LJAWld6CSUc97WrQrOptIoT4pW:ZNn6TlBiAE+y/9GkBNADCS52QrOptGU
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

1^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/app-64.7z
- Size
  
  80.6MB
- MD5
  
  b68d2bfbf4cb566ee998742da913d2d4
- SHA1
  
  c0f8bbe4eb27e47f0457af3907dbf4029cbcbad6
- SHA256
  
  e9b080bdf49a3f2aea1c77be89b12ef3b9f262373e2d8030e56042289a381df2
- SHA512
  
  b968c4d9119f4e555bd6f60a552155087259c6396b4e27766ec0df3239e0d39e55d364c60d3a7f0a92c4ed3b8167aa296ab5480224fb7efea60507f4d7376fe8
- SSDEEP
  
  1572864:Nl+n6TlBqUgNAKV+KDf1IYiQSRkEv6LJAWld6CSUc97WrQrOptIoT4po:en6TlBiAE+y/9GkBNADCS52QrOptGm
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  LICENSE.electron.txt
- Size
  
  1KB
- MD5
  
  4d42118d35941e0f664dddbd83f633c5
- SHA1
  
  2b21ec5f20fe961d15f2b58efb1368e66d202e5c
- SHA256
  
  5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
- SHA512
  
  3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63
Score

1^/10
behavioral13 behavioral14
- Target
  
  chrome_100_percent.pak
- Size
  
  126KB
- MD5
  
  d31f3439e2a3f7bee4ddd26f46a2b83f
- SHA1
  
  c5a26f86eb119ae364c5bf707bebed7e871fc214
- SHA256
  
  9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
- SHA512
  
  aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5
- SSDEEP
  
  3072:5KzwqCT4waJL2myFhPNL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:5Kzwt4LwmU3K18Gb0OV8ld0GecQ3f2
Score

3^/10
behavioral15 behavioral16
- Target
  
  chrome_200_percent.pak
- Size
  
  175KB
- MD5
  
  5604b67e3f03ab2741f910a250c91137
- SHA1
  
  a4bb15ac7914c22575f1051a29c448f215fe027f
- SHA256
  
  1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
- SHA512
  
  5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d
- SSDEEP
  
  3072:+DQYaEQN6AJPRJL2myFhPNafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:+DQYaNN68RwmU0gx5GMRejnbdZnVE6YR
Score

3^/10
behavioral17 behavioral18
- Target
  
  icudtl.dat
- Size
  
  10.0MB
- MD5
  
  76bef9b8bb32e1e54fe1054c97b84a10
- SHA1
  
  05dfea2a3afeda799ab01bb7fbce628cacd596f4
- SHA256
  
  97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
- SHA512
  
  7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6
- SSDEEP
  
  196608:p5zwSv9AAyse6liXUxCGZHa93Whlw6ZCXU0:pyKlysTliXUxCGZHa93Whlw6ZCX1
Score

3^/10
behavioral19 behavioral20
- Target
  
  locales/af.pak
- Size
  
  340KB
- MD5
  
  198092a7a82efced4d59715bd3e41703
- SHA1
  
  ac3cdfba133330fce825816b2f9579ac240dc176
- SHA256
  
  d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba
- SHA512
  
  590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d
- SSDEEP
  
  6144:ptbDrUln/WiOvz9P5D4uEmv0XPjC6nAcbaK6pgwwexhsVxS42K6tA3pU5tpwDw44:ptfOOiOvzg/mCPjC6nAcbipgwwePSS4C
Score

3^/10
behavioral21 behavioral22
- Target
  
  locales/am.pak
- Size
  
  551KB
- MD5
  
  a2a17bdd83467a027505bc817d1ac028
- SHA1
  
  cc1266a22606a1055db9653b82e90c9d1f551d44
- SHA256
  
  f92b0299185d963337e96df1016e1cf5ca335e22ff86568c1a6507c3fea29094
- SHA512
  
  193c5db0a30a3c8ef5e8c821cafb9d0b5671b7e7821748c7b432e927bd4638ecf5bfc1d99721ce89fb3df4f6f23b5e55d753430e8ef2bedd1e1633e613321028
- SSDEEP
  
  12288:WcWa+uPPo8xJTgWHsEaYM5g9yaAVmHukPQyx30jH8+I:Wuno8xOWHbaYM5g9yaAVmvPQ+
Score

3^/10
behavioral23 behavioral24
- Target
  
  locales/ar.pak
- Size
  
  602KB
- MD5
  
  b2a23f285858db5e3e53d6a5d5291623
- SHA1
  
  674adfeb57075f86f40ff4b14916c3af29695813
- SHA256
  
  7ab39416b60ee342ff2874aaa7b9b95b290828807b1395192cdbd29ee1be15e8
- SHA512
  
  92c9b31f82f62b15eed3edaf437412cb630e8deb2226ad162d7cb4c252d8cb7f0453b3121a846ffcb1547570e2eadb04cfd3877ab120496a7fefb47a6d96cba0
- SSDEEP
  
  12288:R2Aj3MtqtWx8QvYUjBLs6kXBz5ANbT+NTgTbMMgSEN7o:R2Aj3BI2H15o+u
Score

3^/10
behavioral25 behavioral26
- Target
  
  locales/bg.pak
- Size
  
  631KB
- MD5
  
  9dc95c3b9b47cc9fe5a34b2aab2d4d01
- SHA1
  
  bc19494d160e4af6abd0a10c5adbc8114d50a714
- SHA256
  
  fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e
- SHA512
  
  a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46
- SSDEEP
  
  12288:mEJqOwccalYrdAs1alUx42aVVwslyLKmF/RY3YKN3R5ObDGIV+Jfu64KyzEfSZpR:vqAZlYrdAs1alUmys8lY3YKT6q2Qu6pu
Score

3^/10
behavioral27 behavioral28
- Target
  
  locales/bn.pak
- Size
  
  812KB
- MD5
  
  fac2c752c57175a4b1f4630e3667123e
- SHA1
  
  a2dbcf1dd7b3cac499b9f782c7393ab438039584
- SHA256
  
  71f99a67bb310fab8068eeed7ce24ea7624a66051ba4e719d051cc7e67e78001
- SHA512
  
  4820704bd92dfb60736da5b84c8bc9135fca484c678585ec9d26dcb90632e382f354d03b539599f4816feb027dd285ff06ed8a520bede56d7a1c590d942e4250
- SSDEEP
  
  3072:3V/m0JEVzjcnmbVrH4kSBbdXWSM5QwXlFE:3w0a5rHEBbd+5tle
Score

3^/10
behavioral29 behavioral30
- Target
  
  locales/ca.pak
- Size
  
  384KB
- MD5
  
  0312c87b6436e733a037bfb3084f7550
- SHA1
  
  e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632
- SHA256
  
  b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff
- SHA512
  
  24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e
- SSDEEP
  
  12288:L0s8rijIs3cejEYBCqol3nbhj+YbHQluSwWwXiMjdLbpuQRBtryBiGIle3nei302:L0sLm+JzFMNSGhrKU5qzEK
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32