General
- Target: NitroGen.exe
- Size: 8.2MB
- Sample: 240725-z5w5zaybrg
- MD5: 15f03a4f7de9a8420c6024944e85e5ec
- SHA1: c0405dae61e53eb8fe2d6bbb900742302e0a5361
- SHA256: 68f1fe10624256fef229a8dfcc775476b31f5ac796fa7346b06c210a164fc397
- SHA512: 13b64292fc6a8d6a47e272b41ffedaf90994e255699ad26ed2931c8daed01d243e828059da12fff4defb0e0e5ac19e85af47a843afdfa81df2273c88a0ffe04f
- SSDEEP: 196608:4ou78K/1+AdQmRJ8dA6l7aycBIGpEGo6hTOv+QKfgwHQhxMX96Z:5u7L/fdQusl29foWOv+9fgwH
Behavioral task: behavioral1
- Sample: NitroGen.exe
- Resource: win10-20240404-en
Malware Config
Targets
- Target: NitroGen.exe
- Size: 8.2MB
- MD5: 15f03a4f7de9a8420c6024944e85e5ec
- SHA1: c0405dae61e53eb8fe2d6bbb900742302e0a5361
- SHA256: 68f1fe10624256fef229a8dfcc775476b31f5ac796fa7346b06c210a164fc397
- SHA512: 13b64292fc6a8d6a47e272b41ffedaf90994e255699ad26ed2931c8daed01d243e828059da12fff4defb0e0e5ac19e85af47a843afdfa81df2273c88a0ffe04f
- SSDEEP: 196608:4ou78K/1+AdQmRJ8dA6l7aycBIGpEGo6hTOv+QKfgwHQhxMX96Z:5u7L/fdQusl29foWOv+9fgwH
Score: 9/10
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to or copy of the web browser credential store.
- Drops startup file
- Loads dropped DLL
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist