c1e7a6fb6e66f5c0fc2a4777dc61c8732ab4c05756de7f4fae76bf766148141b

Resubmissions

19-09-2024 12:37

240919-ptfczaydpa 8

19-09-2024 12:33

240919-prhqbaygnn 8

Sharing

Copy URL

Twitter E-mail

General

Target

Nitro_Generator_with_Checker.rar
Size

8.0MB
Sample

240919-prhqbaygnn
MD5

65f2fcfbd2e9c0ab1df7eac86353cc62
SHA1

f874726ac4cdf4af8204738fdf3e5ff7e33db490
SHA256

c1e7a6fb6e66f5c0fc2a4777dc61c8732ab4c05756de7f4fae76bf766148141b
SHA512

29253dab150b85fb6f1ae65e1d17b526f8dc0132e6d5587bf02b6b164d4b8e4614475e6740ccb09c85e05288a98cd79ace8101107c50d9752599c18fc95a0e30
SSDEEP

196608:fP7lP7vLSfkzKcci0OmZsBh63/2HphTQX7BLtxYbXglKXOBMwxf/SWn:75DS4b0NCE2O7FtxYbXgl+rKTn

Score

8^/10

Malware Config

Targets

- Target
  
  Nitro Generator with Checker/BFE.DLL
- Size
  
  857KB
- MD5
  
  d7654ccf919b8bd04b6d4972459f01b2
- SHA1
  
  31fd54693ac1ea545cf1d74e9754a38cefdbc361
- SHA256
  
  47a108eccb27192091286728d400e2fa1f0c56692b546636d6343a95d29e18c0
- SHA512
  
  b0f3fb9e1b66450882adb0cac48d0ea75e01ecb25218cc34100e6d3090422ca487c74741a7bcca5415828769a182611d3dc3fe50632529eba0d95bfeedd6e63a
- SSDEEP
  
  24576:xWwvcAyA2hSyQQtWpqIpLw5L64iDipH8o+:xJy1hSyPtAq/5e4iDipc
Score

1^/10
behavioral1
- Target
  
  Nitro Generator with Checker/NitroGen.exe
- Size
  
  181KB
- MD5
  
  4e365e8ccd70afbd3bb87ff051cc04cc
- SHA1
  
  019d2786471cd7e9d860b2d2f35beae8f70f5e0f
- SHA256
  
  a5460367bad0aa216b9d13f150ac125eb0c32aff9f70c1d081fb579e36b2ec99
- SHA512
  
  ac90d76d2f7883c49f8b3a0f322e0c37d93840a5bdf8f8f37d81c9d7572deb1e82be5b3ecd585b6596d77b6ef9f2cc9e5e6797ec008cb6b2ab4f148266490ecb
- SSDEEP
  
  768:Eec4lj/TePn4d3TNDI+eFdNwPfeivrm/J/aKr9n8RA3LfzIh:s4l3ePiO+eF3wPfeivrEFBfUh
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral2
- Target
  
  Nitro Generator with Checker/WebDriver/BFE.DLL
- Size
  
  857KB
- MD5
  
  d7654ccf919b8bd04b6d4972459f01b2
- SHA1
  
  31fd54693ac1ea545cf1d74e9754a38cefdbc361
- SHA256
  
  47a108eccb27192091286728d400e2fa1f0c56692b546636d6343a95d29e18c0
- SHA512
  
  b0f3fb9e1b66450882adb0cac48d0ea75e01ecb25218cc34100e6d3090422ca487c74741a7bcca5415828769a182611d3dc3fe50632529eba0d95bfeedd6e63a
- SSDEEP
  
  24576:xWwvcAyA2hSyQQtWpqIpLw5L64iDipH8o+:xJy1hSyPtAq/5e4iDipc
Score

1^/10
behavioral3
- Target
  
  Nitro Generator with Checker/WebDriver/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral4
- Target
  
  Nitro Generator with Checker/WebDriver/Jint.exe
- Size
  
  7.2MB
- MD5
  
  3835d3e8ee4feec6e173b292fdf2ff83
- SHA1
  
  0fba846445f7d59d33361827d0fa6fb47c332015
- SHA256
  
  d5928829da606afde1d43835e31ca1367f7105b5e28bba01be7a82775d3a735a
- SHA512
  
  99de33b7323cf392bcad275760154c542e8450968e50caecc9c7c7f5d30dbbd74de8965f6300e79c4b7ddef5052120f55a649487afef7903506c971e0c9d7573
- SSDEEP
  
  196608:t6PmCsXDjDyf6L2WliXYrHW1L0XFowUHWZrQ:QPmCEDVL2ciIrHWRCowU2
Score

7^/10
- Loads dropped DLL
behavioral5
- Target
  
  Nitro Generator with Checker/WebDriver/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral6
- Target
  
  Nitro Generator with Checker/WebDriver/vertdll.dll
- Size
  
  163KB
- MD5
  
  239383d7f5553f8a165f5e5aeaba1830
- SHA1
  
  783827ca6e0412f1794cb24a3a561cdb1d1c04cb
- SHA256
  
  9b2989c38a7cef81878e60ea67d022d57739855c49bc3cd800431373046bf316
- SHA512
  
  66b0e01aba2b8619abefaebd9aa34444cea087d7f0142f212e28246731a92fb93fdff4ba20e64efe7eaf753421ceffbe4980b05537d06a7b3211dac773ea12f7
- SSDEEP
  
  3072:joVBpSxttttHIbEafAeCrRVToY/nh34XVIlHeF:jQBpSxttttMTZY/n2Vd
Score

1^/10
behavioral7
- Target
  
  Nitro Generator with Checker/vertdll.dll
- Size
  
  163KB
- MD5
  
  239383d7f5553f8a165f5e5aeaba1830
- SHA1
  
  783827ca6e0412f1794cb24a3a561cdb1d1c04cb
- SHA256
  
  9b2989c38a7cef81878e60ea67d022d57739855c49bc3cd800431373046bf316
- SHA512
  
  66b0e01aba2b8619abefaebd9aa34444cea087d7f0142f212e28246731a92fb93fdff4ba20e64efe7eaf753421ceffbe4980b05537d06a7b3211dac773ea12f7
- SSDEEP
  
  3072:joVBpSxttttHIbEafAeCrRVToY/nh34XVIlHeF:jQBpSxttttMTZY/n2Vd
Score

1^/10
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Drops startup file

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Loads dropped DLL

Command and Scripting Interpreter: PowerShell

Drops startup file

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8