General
-
Target
nitro.bin.zip
-
Size
24KB
-
Sample
210427-vj2ehadz4s
-
MD5
a418d452bc1b5899c330a559d8ddc2c7
-
SHA1
70397565d985ef4eb9cb3579a9e298eaea9a6674
-
SHA256
acbe3153184397a7e789f93226ff4d8560f8b4b3a5b57281968f67d246e35cf4
-
SHA512
e4eed250b182020749376ad43b2f4ec850d033118587b98feda4d4ad0835ef999607fa223a31217fcfd34bff5f020b628ed6ca85e9ce9b303bfcd4cef5bcdfc3
Malware Config
Targets
-
-
Target
92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09.bin
-
Size
61KB
-
MD5
077fccc46159f8ccd79fcd50787db1c9
-
SHA1
288635e27276ba6da3291d0982a8f0f23ae0065e
-
SHA256
92190c9789485a0d96bced7040080f0ae35c02898c3d31a65d50ecd659b80f09
-
SHA512
6028a1b66ea3e6baae6c11005596c6a6fff982d132ad23c502bf57c5d0995829f983963ba451142f2780214da6c8588e8f83b2972d289367300094fee9cebe74
Score8/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-