General
Target: nitricus.exe
Size: 874KB
Sample: 250704-tle5fsbm5z
MD5: 6da09ffcc619381412ec2297e994dd81
SHA1: 8b6aeae2b83f94eaea6ef8153013e7fc60975e50
SHA256: d945e610554dc3748ff9128cbc73107a386026ba401400b59711ccb0f24d92fd
SHA512: 8ef350186c21e84296060c51407dfba21a559b5d806b8e2209c9e68e1e60fc5133b65e5cc7a9a7bcb0722925de4ebdf7a5ff08e6275422dbfde1b1544941eb56
SSDEEP: 12288:+43yQvOdqbEbsipIgk2S/egcXr6HaKQGNdQi5828X6Ih3yQ1us:jyQvu4EQgklegCudwM82VgyQ1P
Static task: static1
Behavioral task: behavioral1
Sample: nitricus.exe
Resource: win10v2004-20250619-en
Malware Config
Targets
- UAC bypass
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Event Triggered Execution: Image File Execution Options Injection
- Manipulates Digital Signatures
  Attackers can modify the Authenticode and cryptography registry keys so that their binary is treated as validly signed.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Modifies system executable filetype association
- Windows security modification
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Modifies WinLogon
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Winlogon Helper DLL (1)
  Browser Extensions (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (4)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Netsh Helper DLL (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Event Triggered Execution (4)
    Change Default File Association (1)
    Component Object Model Hijacking (1)
    Image File Execution Options Injection (1)
    Netsh Helper DLL (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (3)
    Disable or Modify Tools (3)
  Modify Registry (10)
  Subvert Trust Controls (2)
    Install Root Certificate (1)
    SIP and Trust Provider Hijacking (1)