General

  • Target

    73de3eeba18475c6860e39061b0174e6

  • Size

    62KB

  • Sample

    210812-pys7l1hlwx

  • MD5

    73de3eeba18475c6860e39061b0174e6

  • SHA1

    10a3823601b1a18edc62a5bbc83cd7c581f1da59

  • SHA256

    570cc4b6530b319dfc71201010b2775acb89c94e7d42acdbc53f635f2ca4ee4a

  • SHA512

    7f8974d9f71c8b01caa75df6c4dfdb363514d54815d6acd8834a0dd1bc2689bc031adf1b9cbd86554a926bb5d594c0be4fd96e1d8033d97ac5e9bcfe1575a54f

Malware Config

Targets

    • Target

      73de3eeba18475c6860e39061b0174e6

    • Nitro

      A ransomware that demands Discord nitro gift codes to decrypt files.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks