General
-
Target
NitroGenerator.exe
-
Size
14.6MB
-
Sample
240705-mm1n8ayhqe
-
MD5
9be718b54751c32bd3c45de8fc5a3f8b
-
SHA1
d211f4b16c560a74efbaf311d4e7ffa6921b75ee
-
SHA256
7d1e94147b1cb92a59e80204e6297c87fc1bdc7618e173cfb3074561bdfe7213
-
SHA512
7057e3808a612e64a7eb7f70657e42cd3fae6d874c2f7b50eb7167472059f1fd40258a42f4d5b6e2b01c6c551946461c1f745a4cb249a2d27157d68d63f3e540
-
SSDEEP
393216:HFEkZQMidQuslSq99oWOv+9fgdigq8Evx:HFhQ3dQuSDorvSYdTEv
Behavioral task
behavioral1
Sample
NitroGenerator.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
NitroGenerator.exe
-
Size
14.6MB
-
MD5
9be718b54751c32bd3c45de8fc5a3f8b
-
SHA1
d211f4b16c560a74efbaf311d4e7ffa6921b75ee
-
SHA256
7d1e94147b1cb92a59e80204e6297c87fc1bdc7618e173cfb3074561bdfe7213
-
SHA512
7057e3808a612e64a7eb7f70657e42cd3fae6d874c2f7b50eb7167472059f1fd40258a42f4d5b6e2b01c6c551946461c1f745a4cb249a2d27157d68d63f3e540
-
SSDEEP
393216:HFEkZQMidQuslSq99oWOv+9fgdigq8Evx:HFhQ3dQuSDorvSYdTEv
-
Drops startup file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-