General

  • Target

    Nitro gen.exe

  • Size

    22.5MB

  • Sample

    241026-f5vscszhne

  • MD5

    5849f25e4661d9bd8444e5bd42bf245b

  • SHA1

    de488b23f11e43fd582a8eb80e511ffcf031e3f7

  • SHA256

    7486ff059afdaa692e9f40c739bf9cfa054d3d4c7629a91c0afd9aee1315bc43

  • SHA512

    8f600bbd9cb625381d199dfe793ee5525e21502cf7e546f0636aad44e16a7bb34a7e338ffbb903cf265fcb969a0b4af5cdb1273e850df592d514bc084baafbf5

  • SSDEEP

    393216:nO2LYKd1QLdCTGz7k9IHSiK1piXLGVE4aPv3NMso0FdYNG2L:ne4uf7kDiXHFPvS62L

Malware Config

Targets

    • Target

      Nitro gen.exe

    • Size

      22.5MB

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command interpreter.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks