blankgrabber | 952267929c570c1d6550daee56969b9ac7a7e32c0fec499657eb9cd77e0bf332 | Triage

Submit
Reports

Overview

overview

Static

static

checker ni...ro.exe

windows10-2004-x64

8

Resubmissions

15/02/2025, 02:00

250215-cfg87asrcx 10

08/02/2025, 23:42

250208-3p5zqaxrey 10

08/02/2025, 23:23

250208-3c8j3sxnex 10

Sharing

General

Target

checker nitro.rar
Size

15.6MB
Sample

250208-3p5zqaxrey
MD5

c73d1772a77559aff4de897ec7423050
SHA1

d58574339d8a56448486759c96bb3b49970e916d
SHA256

952267929c570c1d6550daee56969b9ac7a7e32c0fec499657eb9cd77e0bf332
SHA512

7445fcebb4d2e3a341798a4bab76b9ca41f724086d33ce857c6c9ddee3d45979a32efe072dca455f7c3b64d694f890b3cd3f9862b055a08a2fa3bcc60ab375ef
SSDEEP

393216:hf8cbBYYbZmgLEJxG0P8fRbOcEgrhi2XW4oUhumft/Q1:hUeZVmgIfjkhEgliGqUhumfC1

Score

10^/10

blankgrabber collection discovery execution pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

checker nitro/checker de nitro.exe

Resource

win10v2004-20250207-en

collection discovery execution pyinstaller spyware stealer upx

windows10-2004-x64

20 signatures

900 seconds

Malware Config

Targets

- Target
  
  checker nitro/checker de nitro.exe
- Size
  
  15.7MB
- MD5
  
  829823ecaf20b2cadacfc2a2caad0dc0
- SHA1
  
  8ba0f8105fb37d1c0912cd743de0e18a89764252
- SHA256
  
  4d241c03dc903dd9330360e59b7dffcc3efb3a0fc4d916b35536d99d06de5c9c
- SHA512
  
  15d55a41043fb59b3e97b7ea63e7290c631630adccb63bfc9044c02733fe8ca126b1e7d40edcfb3b475de9fd18328ca4b478dadf08537edb4197e9a337f00395
- SSDEEP
  
  393216:Zt6WBACSY/+0ItJeluL6LIH20drLYRZjop:ZtVB1/vIMul3aZjop
Score

8^/10

collection discovery execution pyinstaller spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Clipboard Data

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoveryexecutionpyinstallerspywarestealerupx

© 2018-2025

Terms | Privacy