General

  • Target

    Nitrogen Executor.exe

  • Size

    81.5MB

  • Sample

    240818-zqfvfaxamj

  • MD5

    33a5f5aa1e6e94ab0db5c1aecf968b95

  • SHA1

    4c9e9d84b089fc1d1ca2519928824399adae613a

  • SHA256

    0d8336aecfa13fcc84972e9e86f901fbe3c3f0c8b68b5bf060c96a48c30fbaab

  • SHA512

    fe9cf146523f54408303d21b20035abeababa5c58c73a61ac09757192797c959e859d61b195aede893937cdefa097c7af3353953d22bb482bfb6b74e7d700cba

  • SSDEEP

    1572864:avxZQglDWK7vaSk8IpG7V+VPhqYdfCE7jlgJiYgj+h58sMwW9RBVcJX:avxZxhHeSkB05awcfHeL5i9R4

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
