Resubmissions

  • 09-06-2024 00:45  240609-a33gjabf67  10
  • 27-05-2024 17:20  240527-vwjfasbd51  10
  • 26-05-2024 15:54  240526-tcc9hacf37  10
  • 27-07-2023 00:48  230727-a53v3shd3w  7
  • 25-07-2023 02:01  230725-cfzhgahh76  3
  • 24-07-2023 21:47  230724-1nb9xahb36  10

General

  • Target: Nitro_Generator.rar
  • Size: 2.2MB
  • Sample: 240526-tcc9hacf37
  • MD5: 5104afca697acdbbe257368d12a6d740
  • SHA1: f85669fa269c97ef7e1cf7ad738ca9108de970ab
  • SHA256: ec9ca9135a1052109a310cbf594ce26b2d52545c6f254d7d042ec61f09dfea90
  • SHA512: d5f54d16185d4cd100940abbf72795b08b5c41599f130cfd24a865672b8521acfa4242c70a709ec5770b24b9ae85eed24bb1f153bba374fa0cfbbf0f938cd351
  • SSDEEP: 49152:Ta+uXZLXjFQQzRZaI7rYyPmIdPYd0McyZmSrNIObsMNWzJCJ1:di1jFQ+R0YrDmoYyVyZrrNnWzJ01

Malware Config

Targets

    • Target: nitro generator.exe
    • Size: 2.7MB
    • MD5: 3373253f2f609bd2c3fb917e7d5f753a
    • SHA1: 00571dc9f73635d355d3123a42ad860eee21de07
    • SHA256: 751736b637f142637a3efa5a4c8ba281c949e5054656554931514e6f03642bfa
    • SHA512: 39024cb5fac8ba4524571f4e193409726fc0779ba1c2c67e9fa33b19bf5fa54297ee2470d0f9ad4a0cfe87f7a466a54b212e34c5c34e195f80a91dd4e788c341
    • SSDEEP: 24576:W5FcdZnozS74/KabrCEmxE3pD1IQybpgwmFpo28x8aonpoNSHL9TIP6vV5tygavO:cFcjH7Qp5nVbpjR3iGnh2lRcKJq7Pw+

    • Cinoshi

      Cinoshi stealer is part of the Cinoshi project, a Malware-as-a-Service (MaaS) offering written in C#.

    • Detect Cinoshi payload

    • Modifies WinLogon for persistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • T1547 Boot or Logon Autostart Execution (2)
    • T1547.001 Registry Run Keys / Startup Folder (1)
    • T1547.004 Winlogon Helper DLL (1)

Privilege Escalation
  • T1547 Boot or Logon Autostart Execution (2)
    • T1547.001 Registry Run Keys / Startup Folder (1)
    • T1547.004 Winlogon Helper DLL (1)

Defense Evasion
  • T1112 Modify Registry (2)

Credential Access
  • T1552 Unsecured Credentials (3)
    • T1552.001 Credentials In Files (2)
    • T1552.002 Credentials in Registry (1)

Discovery
  • T1012 Query Registry (2)
  • T1082 System Information Discovery (2)

Collection
  • T1005 Data from Local System (3)

Tasks