3597543888589ceef37913c4e4bb6b614e1007c3bc9bb08dadef7f1832e87e2e | Triage

Submit
Reports

Overview

overview

Static

static

NitroGen.exe

windows7-x64

NitroGen.exe

windows10-2004-x64

NitroGen.exe

android-9-x86

NitroGen.exe

android-10-x64

NitroGen.exe

android-11-x64

NitroGen.exe

macos-10.15-amd64

1

NitroGen.exe

ubuntu-18.04-amd64

NitroGen.exe

debian-9-armhf

NitroGen.exe

debian-9-mips

NitroGen.exe

debian-9-mipsel

Analysis

max time kernel
142s
max time network
146s
platform
macos-10.15_amd64
resource
macos-20240410-en
resource tags

arch:amd64arch:i386image:macos-20240410-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
07-06-2024 19:13

Sharing

Static task

static1

mercurialgrabber

2 signatures

Behavioral task

behavioral1

Sample

NitroGen.exe

Resource

win7-20240508-en

mercurialgrabber spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NitroGen.exe

Resource

win10v2004-20240508-en

mercurialgrabber spyware stealer

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

NitroGen.exe

Resource

android-x86-arm-20240603-en

android-9-x86

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

NitroGen.exe

Resource

android-x64-20240603-en

android-10-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

NitroGen.exe

Resource

android-x64-arm64-20240603-en

android-11-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

NitroGen.exe

Resource

macos-20240410-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

NitroGen.exe

Resource

ubuntu1804-amd64-20240508-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

NitroGen.exe

Resource

debian9-armhf-20240418-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

NitroGen.exe

Resource

debian9-mipsbe-20240226-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

NitroGen.exe

Resource

debian9-mipsel-20240226-en

debian-9-mipsel

0 signatures

150 seconds

Report Analysis Logs

General

Target

NitroGen.exe
Size

42KB
MD5

f750a0d3e70a6decff53c6b7b68e8f45
SHA1

67214581b14115a90a4cd769312006de2960014d
SHA256

3597543888589ceef37913c4e4bb6b614e1007c3bc9bb08dadef7f1832e87e2e
SHA512

42b6a6ad81045cf80821770b0310fb4b448d4ee13be126f9b9fbc993d0ecf26afad47161319f778f17ef8986d469a5d35dc1bd51532fe969d192024c567fad4d
SSDEEP

768:ZpIqetQIxm8NuZMML1KTjFKZKfgm3Eh/u:LSQIvyL1KTpF7Edu

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/NitroGen.exe\""
1⤵
PID:484

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/NitroGen.exe\""
1⤵
PID:484

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/NitroGen.exe
1⤵
PID:484

/bin/zsh
/bin/zsh -c /Users/run/NitroGen.exe
2⤵
PID:486

/Users/run/NitroGen.exe
/Users/run/NitroGen.exe
2⤵
PID:486

/usr/bin/pluginkit
/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync
1⤵
PID:489

/usr/sbin/spctl
/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater0BF23177/OneDrive.app
1⤵
PID:490

/usr/libexec/xpcproxy
xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E
1⤵
PID:529

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
1⤵
PID:529

/usr/libexec/xpcproxy
xpcproxy com.apple.Terminal.2100
1⤵
PID:539

/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal
1⤵
PID:539

/usr/bin/login
login -pf run
2⤵
PID:540

/bin/zsh
-zsh
3⤵
PID:541

/usr/libexec/path_helper
/usr/libexec/path_helper -s
4⤵
PID:542

/usr/bin/locale
locale LC_CTYPE
4⤵
PID:543

/usr/bin/curl
curl ipapi.org
4⤵
PID:544

/usr/bin/curl
curl ipapi.org/json
4⤵
PID:545

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/dev/ttys000
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

© 2018-2024

Terms | Privacy