General
Target: _CRACKED_Paid_Nitro_gen_Tropical_Nitro_Generator_cracked_free_main.zip
Size: 8.0MB
Sample: 240619-z5jjwasape
MD5: 5953eade1718e309ec5233ddb33003b3
SHA1: 4ae2cd8e28fd0e454d57238d9b2d930d99b326da
SHA256: 0d6e24e41bad37ce0f0fa2752d7f4e347d2c2b15272d18625ca895be20c61378
SHA512: ece5bcbe9d201228d5804d1af71fdf36411770fd14ca45898985577e301827fefa3c255eea23afd747faa27b556cec44ca3f5ce3474661a0c8f9ed1664b9321f
SSDEEP: 196608:FTxp4bf0v9plda56mfp8QGaTu+OcYnMC/MDKa1yItyQRI:Tpz1plda5ZB8YifJiEI1RI
Static task: static1

Behavioral task: behavioral1
Sample: -CRACKED-Paid-Nitro-gen-Tropical-Nitro-Generator-cracked-free-main/DiscordNitroGenerator.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: -CRACKED-Paid-Nitro-gen-Tropical-Nitro-Generator-cracked-free-main/DiscordNitroGenerator.exe
Resource: win10v2004-20240611-en

Behavioral task: behavioral3
Sample: -CRACKED-Paid-Nitro-gen-Tropical-Nitro-Generator-cracked-free-main/Tropical.py
Resource: win7-20240221-en

Behavioral task: behavioral4
Sample: -CRACKED-Paid-Nitro-gen-Tropical-Nitro-Generator-cracked-free-main/Tropical.py
Resource: win10v2004-20240508-en
Malware Config
Extracted:
quasar
1.4.1
Office04
auroraforge.art:55326
thesirenmika.com:55713
90e5b58f-3c4e-4c0d-b7ae-0b38315dc172
encryption_key: A730DFF691ED1723ED88E36A2C5E7ED5CCF91DD1
install_name: up2.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Targets

Target: -CRACKED-Paid-Nitro-gen-Tropical-Nitro-Generator-cracked-free-main/DiscordNitroGenerator.exe
Size: 22.0MB
MD5: ca9ebeadf3b9c37fc61ebd08f41f27ba
SHA1: e5ca52600f0c29b0067304bdba7671c0bbb96f87
SHA256: 9a34c7ab2c8bdc2e296a5de01c2c18da15603dd50bd50d6059c2561fb58aaa55
SHA512: 840ba61739b43b747257cfd6cb633650d6902980db48cccd730050b69f63b0372b99f51fb7e39f8af6db46da5726cf61e7184f1e4db7ddefbc5745927fbfebdc
SSDEEP: 49152:AcVV1BCjB18rclSJjf1od18AmjvworgYBXc62MUiqgNx6UzMInCKXoEp5Yxst+EZ:5

Signatures:
- Quasar payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- XMRig Miner payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
Target: -CRACKED-Paid-Nitro-gen-Tropical-Nitro-Generator-cracked-free-main/Tropical.py
Size: 3KB
MD5: 9cd32b09f10bb67f4bee9c13c39a81ce
SHA1: 90a193a4139e282f54b4b36f846876ffeef74071
SHA256: 655e38151c09a2bb9cdeb59efa76d8d73baf7aaf424d4e6315022b514ab3c162
SHA512: 04780e75b0db354af8f9ac35d428cc2f7c777f36fbaf6106dbe489baa3b6f3da6ed0f15baf82964bb69fa6d55fec1e2c761b0626cb4ffff1419f782350bba654
Score: 3/10