General

  • Target

    NitroGen.exe

  • Size

    8.2MB

  • Sample

    240725-z5w5zaybrg

  • MD5

    15f03a4f7de9a8420c6024944e85e5ec

  • SHA1

    c0405dae61e53eb8fe2d6bbb900742302e0a5361

  • SHA256

    68f1fe10624256fef229a8dfcc775476b31f5ac796fa7346b06c210a164fc397

  • SHA512

    13b64292fc6a8d6a47e272b41ffedaf90994e255699ad26ed2931c8daed01d243e828059da12fff4defb0e0e5ac19e85af47a843afdfa81df2273c88a0ffe04f

  • SSDEEP

    196608:4ou78K/1+AdQmRJ8dA6l7aycBIGpEGo6hTOv+QKfgwHQhxMX96Z:5u7L/fdQusl29foWOv+9fgwH

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

MITRE ATT&CK Enterprise v15