General

  • Target

    89fbfa647b0558f766bee4029fe66187

  • Size

    62KB

  • Sample

    210812-5ardkj6826

  • MD5

    89fbfa647b0558f766bee4029fe66187

  • SHA1

    72260bdc557b500d3c4c13d8f1228c0b49c5ae95

  • SHA256

    155e6b0ba6cc29659970f69c00034f7b591e8f63c4727a12c64f13f7543421e3

  • SHA512

    025485d9577127babd06b130de117f0b9c756b8a90f0fb6a00399411bb5f284e94e81412a45e5f98a4c3927a32139216c34ffdf5c73c2288f2ddc88cb89b4fc4

Malware Config

Targets

    • Nitro

      A ransomware that demands Discord nitro gift codes to decrypt files.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks
