General
- Target: free_nitro_genV2.exe
- Size: 7.5MB
- Sample: 240619-3tjbhssanp
- MD5: 43bacf4266269569ba7994344e4db264
- SHA1: 4a678a57982a5c6fc975e90c2c5a1d98ae31b2a2
- SHA256: 1a29f95e79327a1dc31e9a7c7b2135904642a2ea4bb315fa6588ef7953b06bcc
- SHA512: cbffe7b74e2466a673478b8050533993bc567232ee7d8398c9425015e8b7e221dea4a3d692dd3a0b76a5d0b87983aec3c7eab6056ace0e025a7ed7d7160dbf14
- SSDEEP: 196608:hs/AtVurErvI9pWjgaAnajMsK2TfQU//OoLxh:ltVurEUWjJjYAoujLxh
Behavioral tasks
- behavioral1: Sample free_nitro_genV2.exe, Resource win10v2004-20240611-en
- behavioral2: Sample loader-o.pyc, Resource win10v2004-20240611-en
Malware Config

Targets

Target: free_nitro_genV2.exe
- Size: 7.5MB
- MD5: 43bacf4266269569ba7994344e4db264
- SHA1: 4a678a57982a5c6fc975e90c2c5a1d98ae31b2a2
- SHA256: 1a29f95e79327a1dc31e9a7c7b2135904642a2ea4bb315fa6588ef7953b06bcc
- SHA512: cbffe7b74e2466a673478b8050533993bc567232ee7d8398c9425015e8b7e221dea4a3d692dd3a0b76a5d0b87983aec3c7eab6056ace0e025a7ed7d7160dbf14
- SSDEEP: 196608:hs/AtVurErvI9pWjgaAnajMsK2TfQU//OoLxh:ltVurEUWjJjYAoujLxh
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: loader-o.pyc
- Size: 1KB
- MD5: f624ca6add419830be7725ef80fc9901
- SHA1: ea08288f614edbe7e03bfb8438ad1ce7397ac62b
- SHA256: 2a9fc8faba89b03101ebcc392333768ad9b1890c952f01e8126583ed7711c2c6
- SHA512: 0675eae15567297876df238965bf987b540c1f960b529afbc8f57bc4472064f76d9609b89bb4f42a43fdcfc0be6cdb8cd102693ee89de03a08f835ea24bf561c

Score: 3/10