Overview

overview

10

Static

static

043fbd84e0...bc.exe

windows7_x64

10

043fbd84e0...bc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    043fbd84e0a00c3fbf71b88a3e2739bc

  • Size

    60KB

  • Sample

    210812-d4rk3httrj

  • MD5

    043fbd84e0a00c3fbf71b88a3e2739bc

  • SHA1

    02f42bcab70e675d309a89b34125461cde1a7ea5

  • SHA256

    39c7f0761cb71570fc1a3dda81f18f97ac6d58e15b7b24cdadc9cf60dffd18a1

  • SHA512

    26506f5843c573f2b1a8c4923a4b38d83e998a6a34d1ce087e127a9099fb04f7baa5d6d4bc166ccd4094220054f569e54bac9403bd4944d62ca225bd0bc16660

Score
10/10
nitropersistenceransomware

Malware Config

Targets

    • Target

      043fbd84e0a00c3fbf71b88a3e2739bc

    • Size

      60KB

    • MD5

      043fbd84e0a00c3fbf71b88a3e2739bc

    • SHA1

      02f42bcab70e675d309a89b34125461cde1a7ea5

    • SHA256

      39c7f0761cb71570fc1a3dda81f18f97ac6d58e15b7b24cdadc9cf60dffd18a1

    • SHA512

      26506f5843c573f2b1a8c4923a4b38d83e998a6a34d1ce087e127a9099fb04f7baa5d6d4bc166ccd4094220054f569e54bac9403bd4944d62ca225bd0bc16660

    Score
    10/10
    nitropersistenceransomware

    • Nitro

      A ransomware that demands Discord nitro gift codes to decrypt files.

      ransomwarenitro

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks