General
-
Target
Nitro-zm19.exe
-
Size
17.0MB
-
Sample
240703-kkmcpsyfkm
-
MD5
5362038851f58dcf73e0d8c10f167353
-
SHA1
edbc0b004eb14649627634741a0851fdbb9a831b
-
SHA256
a326f30402fadc6980693337d5cdc70a94b24100ac4a4a8354c642570fa2508b
-
SHA512
9a7661f95b7ddd6903a5de70567db4b36c6b077ca31068023f62368d8b4da0310d44084e847bd2aa41f6351afff94d19b4385e7790a434a09b2b0194d47fbb56
-
SSDEEP
98304:VfDjWM8JEE1rY4amaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRaYKJJcGhEIFz:Vf0o5eNTfm/pf+xk4dWRatrbWOjgKp
Malware Config
Targets
-
-
Target
Nitro-zm19.exe
-
Size
17.0MB
-
MD5
5362038851f58dcf73e0d8c10f167353
-
SHA1
edbc0b004eb14649627634741a0851fdbb9a831b
-
SHA256
a326f30402fadc6980693337d5cdc70a94b24100ac4a4a8354c642570fa2508b
-
SHA512
9a7661f95b7ddd6903a5de70567db4b36c6b077ca31068023f62368d8b4da0310d44084e847bd2aa41f6351afff94d19b4385e7790a434a09b2b0194d47fbb56
-
SSDEEP
98304:VfDjWM8JEE1rY4amaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRaYKJJcGhEIFz:Vf0o5eNTfm/pf+xk4dWRatrbWOjgKp
Score8/10-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-