General

  • Target

    GeradordeNitro.exe

  • Size

    6.0MB

  • Sample

    240603-ltbg8sbg62

  • MD5

    3081a77776324a397f60a6f86250f452

  • SHA1

    873371460e11d8eede3d2ad1dd15be82b5b04a81

  • SHA256

    23d30f5b19770b03ca5afc670573f976a0390e0658ba7a37bf475c93ada48a00

  • SHA512

    20b0ba639d26e55d6d10cc112b50a49c07b8e69ac6781e1cb70005c10370d4ac63538059524c051c85abc7108dc521fa1ffa8a454ebcd8f5056e45d9843fabd7

  • SSDEEP

    196608:6rKRFEy7eN/FJMIDJf0gsAGK4RduAK67j9:xg/Fqyf0gstkAKY

Malware Config

Targets

    • Target

      GeradordeNitro.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks