General

  • Target

    NitroGenerator.exe

  • Size

    14.6MB

  • Sample

    240705-mm1n8ayhqe

  • MD5

    9be718b54751c32bd3c45de8fc5a3f8b

  • SHA1

    d211f4b16c560a74efbaf311d4e7ffa6921b75ee

  • SHA256

    7d1e94147b1cb92a59e80204e6297c87fc1bdc7618e173cfb3074561bdfe7213

  • SHA512

    7057e3808a612e64a7eb7f70657e42cd3fae6d874c2f7b50eb7167472059f1fd40258a42f4d5b6e2b01c6c551946461c1f745a4cb249a2d27157d68d63f3e540

  • SSDEEP

    393216:HFEkZQMidQuslSq99oWOv+9fgdigq8Evx:HFhQ3dQuSDorvSYdTEv

Malware Config

Targets

    • Target

      NitroGenerator.exe

    • Size

      14.6MB

    • MD5

      9be718b54751c32bd3c45de8fc5a3f8b

    • SHA1

      d211f4b16c560a74efbaf311d4e7ffa6921b75ee

    • SHA256

      7d1e94147b1cb92a59e80204e6297c87fc1bdc7618e173cfb3074561bdfe7213

    • SHA512

      7057e3808a612e64a7eb7f70657e42cd3fae6d874c2f7b50eb7167472059f1fd40258a42f4d5b6e2b01c6c551946461c1f745a4cb249a2d27157d68d63f3e540

    • SSDEEP

      393216:HFEkZQMidQuslSq99oWOv+9fgdigq8Evx:HFhQ3dQuSDorvSYdTEv

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks