General

  • Target

    nitricus.exe

  • Size

    874KB

  • Sample

    250704-tle5fsbm5z

  • MD5

    6da09ffcc619381412ec2297e994dd81

  • SHA1

    8b6aeae2b83f94eaea6ef8153013e7fc60975e50

  • SHA256

    d945e610554dc3748ff9128cbc73107a386026ba401400b59711ccb0f24d92fd

  • SHA512

    8ef350186c21e84296060c51407dfba21a559b5d806b8e2209c9e68e1e60fc5133b65e5cc7a9a7bcb0722925de4ebdf7a5ff08e6275422dbfde1b1544941eb56

  • SSDEEP

    12288:+43yQvOdqbEbsipIgk2S/egcXr6HaKQGNdQi5828X6Ih3yQ1us:jyQvu4EQgklegCudwM82VgyQ1P

Malware Config

Targets

    • Modifies Windows Defender DisableAntiSpyware settings

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Event Triggered Execution: Image File Execution Options Injection

    • Manipulates Digital Signatures

      Attackers can apply techniques such as modifying the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    • Modifies system executable filetype association

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Modifies WinLogon

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks