General

  • Target

    NitroRansomware.exe

  • Size

    108KB

  • Sample

    220415-ynnltsdhdj

  • MD5

    3fff55017f68f7fd04157b08e2cf8b59

  • SHA1

    e7fd09b650526bab65091f6db7484578143fd3d2

  • SHA256

    00a84b4d7c45a603efaf946f2422e8ce64ebb632473ec36c34c03a94739e745a

  • SHA512

    f77719aa974d85473c10f278991a3cc742fee5464039b102b12c5a436277726e79bea276be641450c73bf0ceab5bad8deaa42b4687f0e8c40873972be631a8ba

Malware Config

Targets

    • Nitro

      A ransomware family that demands Discord Nitro gift codes as payment to decrypt files.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks