General
Target: nitro_gen_v1_1.bat
Size: 16.3MB
Sample: 240527-ra2g7seh2y
MD5: e3c6709b1b5106c3f4d630f5f0f9bf37
SHA1: f74558569bd78a7b095f3e36fcb0aadddf192d4b
SHA256: 2e885f801685d272edacc3a6d286c5b3cf2e02bb3661a8480e9f8de3dcf07381
SHA512: f4bfed0c446cc7250136a96b5843e027c6b1d23aa10dd2f3be5853730f7427aa928b7ebf74d0956fe31b3dcea83d1102266ab44d00cf4b193e56d714e1f3d298
SSDEEP: 393216:HEkcqc4P8AxYDQ1+TtIiFvY9Z8D8Ccl6lnyEkQKkPbIs:HkzzX01QtI6a8DZcIlyRkj

Behavioral task
behavioral1
Sample: nitro_gen_v1_1.exe
Resource: win7-20240508-en
Malware Config

Targets
Target: nitro_gen_v1_1.bat
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.