General

  • Target

    free_nitro_genV2.exe

  • Size

    7.5MB

  • Sample

    240619-3tjbhssanp

  • MD5

    43bacf4266269569ba7994344e4db264

  • SHA1

    4a678a57982a5c6fc975e90c2c5a1d98ae31b2a2

  • SHA256

    1a29f95e79327a1dc31e9a7c7b2135904642a2ea4bb315fa6588ef7953b06bcc

  • SHA512

    cbffe7b74e2466a673478b8050533993bc567232ee7d8398c9425015e8b7e221dea4a3d692dd3a0b76a5d0b87983aec3c7eab6056ace0e025a7ed7d7160dbf14

  • SSDEEP

    196608:hs/AtVurErvI9pWjgaAnajMsK2TfQU//OoLxh:ltVurEUWjJjYAoujLxh

Targets

    • Target

      free_nitro_genV2.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      loader-o.pyc

    • Size

      1KB

    • MD5

      f624ca6add419830be7725ef80fc9901

    • SHA1

      ea08288f614edbe7e03bfb8438ad1ce7397ac62b

    • SHA256

      2a9fc8faba89b03101ebcc392333768ad9b1890c952f01e8126583ed7711c2c6

    • SHA512

      0675eae15567297876df238965bf987b540c1f960b529afbc8f57bc4472064f76d9609b89bb4f42a43fdcfc0be6cdb8cd102693ee89de03a08f835ea24bf561c

    Score
    3/10

MITRE ATT&CK Enterprise v15
