General
Target: GeradordeNitro.exe
Size: 6.0MB
Sample: 240603-ltbg8sbg62
MD5: 3081a77776324a397f60a6f86250f452
SHA1: 873371460e11d8eede3d2ad1dd15be82b5b04a81
SHA256: 23d30f5b19770b03ca5afc670573f976a0390e0658ba7a37bf475c93ada48a00
SHA512: 20b0ba639d26e55d6d10cc112b50a49c07b8e69ac6781e1cb70005c10370d4ac63538059524c051c85abc7108dc521fa1ffa8a454ebcd8f5056e45d9843fabd7
SSDEEP: 196608:6rKRFEy7eN/FJMIDJf0gsAGK4RduAK67j9:xg/Fqyf0gstkAKY
Behavioral task: behavioral1
Sample: GeradordeNitro.exe
Resource: win7-20240215-en
Malware Config
Targets
Target: GeradordeNitro.exe
Size: 6.0MB
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.