General
-
Target
Nitro_Generator.rar
-
Size
2.2MB
-
Sample
240527-vwjfasbd51
-
MD5
5104afca697acdbbe257368d12a6d740
-
SHA1
f85669fa269c97ef7e1cf7ad738ca9108de970ab
-
SHA256
ec9ca9135a1052109a310cbf594ce26b2d52545c6f254d7d042ec61f09dfea90
-
SHA512
d5f54d16185d4cd100940abbf72795b08b5c41599f130cfd24a865672b8521acfa4242c70a709ec5770b24b9ae85eed24bb1f153bba374fa0cfbbf0f938cd351
-
SSDEEP
49152:Ta+uXZLXjFQQzRZaI7rYyPmIdPYd0McyZmSrNIObsMNWzJCJ1:di1jFQ+R0YrDmoYyVyZrrNnWzJ01
Static task
static1
Behavioral task
behavioral1
Sample
nitro generator.exe
Resource
win11-20240426-en
Malware Config
Targets
-
-
Target
nitro generator.exe
-
Size
2.7MB
-
MD5
3373253f2f609bd2c3fb917e7d5f753a
-
SHA1
00571dc9f73635d355d3123a42ad860eee21de07
-
SHA256
751736b637f142637a3efa5a4c8ba281c949e5054656554931514e6f03642bfa
-
SHA512
39024cb5fac8ba4524571f4e193409726fc0779ba1c2c67e9fa33b19bf5fa54297ee2470d0f9ad4a0cfe87f7a466a54b212e34c5c34e195f80a91dd4e788c341
-
SSDEEP
24576:W5FcdZnozS74/KabrCEmxE3pD1IQybpgwmFpo28x8aonpoNSHL9TIP6vV5tygavO:cFcjH7Qp5nVbpjR3iGnh2lRcKJq7Pw+
-
Detect Cinoshi payload
-
Modifies WinLogon for persistence
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1