Resubmissions

17-05-2021 09:25

210517-2f8q38pbyx 8

17-05-2021 07:50

210517-j6sxl5g16x 8

General

  • Target

    NitroSnypa.exe

  • Size

    179KB

  • Sample

    210517-2f8q38pbyx

  • MD5

    61fccc142e2bbf498885bb6e42bae62c

  • SHA1

    7f15507c7798d8b99696c19929c86c6c629eb2f5

  • SHA256

    ae91da58a702252cc0dabcf19fa65e9655c7b7143e71e048aad1ebe59a31aabf

  • SHA512

    a3cc95a442581d02c97d4fe48494b157f37e5dff4ddf175723a2c99e442492370ad65f9f22da29ffd020754445193215b7dadc3515ab8cee91b6dd3b1f1202b1

Malware Config

Targets

    • Target

      NitroSnypa.exe

    • Size

      179KB

    • MD5

      61fccc142e2bbf498885bb6e42bae62c

    • SHA1

      7f15507c7798d8b99696c19929c86c6c629eb2f5

    • SHA256

      ae91da58a702252cc0dabcf19fa65e9655c7b7143e71e048aad1ebe59a31aabf

    • SHA512

      a3cc95a442581d02c97d4fe48494b157f37e5dff4ddf175723a2c99e442492370ad65f9f22da29ffd020754445193215b7dadc3515ab8cee91b6dd3b1f1202b1

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v6

Tasks