General
-
Target
nitro-generator-main.zip
-
Size
13.0MB
-
Sample
240802-p2kbwswhqp
-
MD5
171d9903f21b7883dcc266dba4d991d6
-
SHA1
a60d26461952eccfdf111fda2533f42bf83cf0a3
-
SHA256
0f4f8005efed789448d9603c333e131822219a1b2e61227470a46791e8c514d2
-
SHA512
2caad1b18a7813e293e92ebad00921bc7d31d97487b0b5f635d79e05deb3ef5c4ecf4c51f7b1f5a20c15ecd48fec673cbd4af20121ca11cc69bfe6b1d201d638
-
SSDEEP
393216:LolixUHjILBd9l6K2gEX24N9obJ5lE7UTrADs9AGGJSD:Lo0xUHjQB75R4NKV5lxUExMSD
Malware Config
Targets
-
-
Target
nitro-generator-main/,github/index.exe
-
Size
13.2MB
-
MD5
b19ecc85f6fb66a7284923be049659cd
-
SHA1
23d8ffbf1f0dd96538124c80481e7676bbd392fb
-
SHA256
077fbfcf6bbc5690d8f7ad368a6414a0ca3ca4117d148e637b0ea07146c69809
-
SHA512
e030cf7383f1ea05f9af400034e0f6673ecbda6f25a24ee98e467555cebf41b3ce56cf3e11c02af33baaa25293fd74a62a818cd81a08c40f2c600c41a53c2051
-
SSDEEP
393216:iEkcqY4q1+TtIiF0Y9Z8D8Ccl6lnmEaUzlewA/Wm5R+:ikD4q1QtILa8DZcIlmgUd7z+
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates processes with tasklist
-