General
-
Target
c62841916d8477986697839c68025bd4158367c8c7e0e05fdc29fcdd210099f4
-
Size
179KB
-
Sample
211220-kpyljaaae3
-
MD5
8f06a36119294e2950b0fa5ec41b605a
-
SHA1
27c9aba4fb5f1da2b109e22fa898f23b73512af5
-
SHA256
c62841916d8477986697839c68025bd4158367c8c7e0e05fdc29fcdd210099f4
-
SHA512
fb98058d6a03ed25b8981a8b29d29282ba090fc138a96edc3cd3beaf9b0c4d904a0cc27eb58730e05e33c55fb8b5de3eaadb5c63ca92201d6bb49481d0522a0d
Static task
static1
Behavioral task
behavioral1
Sample
c62841916d8477986697839c68025bd4158367c8c7e0e05fdc29fcdd210099f4.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
c62841916d8477986697839c68025bd4158367c8c7e0e05fdc29fcdd210099f4.exe
Resource
win10-en-20211208
Malware Config
Targets
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-