General

  • Target

    10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.zip

  • Size

    160KB

  • Sample

    221115-f7gcrafa93

  • MD5

    1b01b176dcc36b86e657dc05e680b39a

  • SHA1

    520a2dd58117656709b09444b37682cdccff07ef

  • SHA256

    1f816f908c11995784981abc0ff7d0bd6cdb90f840b2584944263eb9fc8760bb

  • SHA512

    8509c0692c6c8fc5e324d70d70c410da33195d54e56f81db5a3777643e3eae4588a8131045a1a1946c0ef2f2d2b2877254e2b2c60dcc52f71d5d98f2f2ab9ea9

  • SSDEEP

    3072:1VExI1qr/URAa/rE2v4bZZU11TaT3QpcN4p/9vmh31UJIHtvlkUil:HExI1Y2v4bZqHa0pcN4RQhlUJINKUil
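
The report lists two layers of hashes: the submitted archive (this section) and the nitro.exe it contains (under Targets), and the archive's file name is the SHA256 of that inner file. The script below is an added example, not part of the report or of any sandbox tooling: it recomputes MD5, SHA1, SHA256 and SHA512 over a local copy, compares each value with the ones listed here, and checks the naming relationship. SSDEEP is left out because it needs the third-party ssdeep module and is compared by similarity score rather than equality. The placeholder payload used when no path is given is constructed and is not the sample.

```python
import hashlib
import io
import sys
import zipfile

# Hash values copied from the report: the submitted archive and the nitro.exe
# inside it.  SSDEEP is omitted (third-party module, similarity score rather
# than an equality check).
ARCHIVE_NAME = "10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.zip"
INNER_NAME = "nitro.exe"
REPORT = {
    ARCHIVE_NAME: {
        "md5": "1b01b176dcc36b86e657dc05e680b39a",
        "sha1": "520a2dd58117656709b09444b37682cdccff07ef",
        "sha256": "1f816f908c11995784981abc0ff7d0bd6cdb90f840b2584944263eb9fc8760bb",
        "sha512": "8509c0692c6c8fc5e324d70d70c410da33195d54e56f81db5a3777643e3eae4588a8131045a1a1946c0ef2f2d2b2877254e2b2c60dcc52f71d5d98f2f2ab9ea9",
    },
    INNER_NAME: {
        "md5": "5c3f73f74ff01937543395e7c97af556",
        "sha1": "81ea3ba54b1100945c15bdabf4d49b25f27ed13d",
        "sha256": "10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760",
        "sha512": "a857a2e587a6c4dc62d6c3ce43290e1ed62e1a8e46164a77c967bd336693769ccbae22e58c908dfa91a82065b01f19b09b6825424c834e832d3983f384f2541f",
    },
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests(data: bytes) -> dict:
    """Compute the four hex digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def compare(data: bytes, expected: dict) -> dict:
    """Per algorithm: does data hash to the value the report lists?"""
    actual = digests(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def read_inner(archive_bytes: bytes, inner_name: str = INNER_NAME) -> bytes:
    """Pull the named member out of an in-memory zip."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return zf.read(inner_name)


def check_archive(archive_name: str, archive_bytes: bytes, inner_name: str = INNER_NAME) -> dict:
    """Digests of the inner file, plus whether the archive follows the report's
    naming convention (archive name == SHA256 of the member + '.zip')."""
    result = digests(read_inner(archive_bytes, inner_name))
    result["name_matches_inner_sha256"] = archive_name == result["sha256"] + ".zip"
    return result


def verify_report(archive_bytes: bytes, inner_name: str = INNER_NAME) -> dict:
    """Compare both layers with the report; a genuine copy yields all True."""
    return {
        ARCHIVE_NAME: compare(archive_bytes, REPORT[ARCHIVE_NAME]),
        inner_name: compare(read_inner(archive_bytes, inner_name), REPORT[inner_name]),
    }


def build_constructed_archive(payload: bytes, inner_name: str = INNER_NAME):
    """Constructed stand-in for offline runs (not the malware): zip payload
    under inner_name and name the archive after the payload's SHA256."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(inner_name, payload)
    return hashlib.sha256(payload).hexdigest() + ".zip", buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Real use: python verify_sample.py <path to the .zip from the report>
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(check_archive(sys.argv[1].replace("\\", "/").rsplit("/", 1)[-1], blob))
        print(verify_report(blob))
    else:
        name, blob = build_constructed_archive(b"placeholder bytes, not the real sample")
        print(check_archive(name, blob))    # name_matches_inner_sha256: True
        print(verify_report(blob))          # every value False: not the sample
```

Run it with the archive path to confirm that what you downloaded is what the report analysed before opening it anywhere; a single False on any algorithm means a different file, and a mismatch between the archive name and the inner SHA256 means the archive was repacked.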

Malware Config

Targets

    • Target

      nitro.exe

    • Size

      197KB

    • MD5

      5c3f73f74ff01937543395e7c97af556

    • SHA1

      81ea3ba54b1100945c15bdabf4d49b25f27ed13d

    • SHA256

      10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760

    • SHA512

      a857a2e587a6c4dc62d6c3ce43290e1ed62e1a8e46164a77c967bd336693769ccbae22e58c908dfa91a82065b01f19b09b6825424c834e832d3983f384f2541f

    • SSDEEP

      3072:zgcC1rbu+kSthtDvZMMke9Lk7fQLO7VpBNj3c0fTrEC2VFejIYe:zC1rbfkSthtDZanqOZ1THiFwI

    • Nitro

      A ransomware family that demands Discord Nitro gift codes to decrypt files.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

      Values under the registry Run key launch a program at every logon; this is a standard persistence technique.

    • Drops desktop.ini file(s)

      desktop.ini files control how Explorer presents a folder; Windows creates them itself, so on its own this is a weak indicator.

    • Legitimate hosting services abused for malware hosting/C2

      Payloads or command-and-control endpoints hosted on legitimate services blend in with ordinary traffic, so domain reputation alone will not flag them.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

      Ransomware commonly replaces the desktop wallpaper to display its demand, by writing the registry value that holds the wallpaper path.
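
Each signature above is a rule over events the sandbox recorded. As an added example (not the sandbox's own rule engine, and not derived from this sample's real trace), the Python below reproduces five of them over a constructed event log. The registry locations are the well-known Run key and the Wallpaper value under Control Panel\Desktop; the IP lookup hosts, the value and file names, and the ".encrypted" suffix are assumptions, because the report does not name the service or the extension this sample uses.

```python
import re
from collections import Counter

# Assumption: well-known public IP lookup hosts.  The report does not say which
# service this sample contacts, so this list is illustrative, not the sample's.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "checkip.amazonaws.com"}

# Only renames inside a user profile count toward "Modifies extensions of user
# files", which keeps temp-file churn under C:\Windows out of the tally.
USER_PROFILE = re.compile(r"^c:\\users\\[^\\]+\\", re.IGNORECASE)

# Constructed event log in a sandbox-like shape (not this sample's trace).
# Shapes: ("registry_set", key, value_name, data), ("file_rename", old, new),
# ("file_create", path), ("http_get", host, path).  The value name, file
# paths and the ".encrypted" suffix are placeholders.
SAMPLE_EVENTS = [
    ("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "updater", r"C:\Users\user\nitro.exe"),
    ("registry_set", r"HKCU\Software\Example\Settings", "Language", "en-US"),  # benign, ignored
    ("registry_set", r"HKCU\Control Panel\Desktop", "Wallpaper", r"C:\Users\user\note.bmp"),
    ("file_rename", r"C:\Users\user\Documents\report.docx", r"C:\Users\user\Documents\report.docx.encrypted"),
    ("file_rename", r"C:\Users\user\Documents\budget.xlsx", r"C:\Users\user\Documents\budget.xlsx.encrypted"),
    ("file_rename", r"C:\Users\user\Pictures\cat.jpg", r"C:\Users\user\Pictures\cat.jpg.encrypted"),
    ("file_rename", r"C:\Users\user\Pictures\dog.png", r"C:\Users\user\Pictures\dog.png.encrypted"),
    ("file_rename", r"C:\Users\user\Desktop\todo.txt", r"C:\Users\user\Desktop\todo.txt.encrypted"),
    ("file_rename", r"C:\Users\user\Music\song.mp3", r"C:\Users\user\Music\song.mp3.encrypted"),
    ("file_rename", r"C:\Users\user\Desktop\new.txt", r"C:\Users\user\Desktop\notes.txt"),  # ordinary rename
    ("file_rename", r"C:\Windows\Temp\a.tmp", r"C:\Windows\Temp\a.tmp.bak"),  # outside any profile
    ("file_create", r"C:\Users\user\Documents\desktop.ini"),
    ("http_get", "api.ipify.org", "/"),
]


def extension_appended(old: str, new: str) -> bool:
    """True when new is old plus an extra '.suffix' (report.docx -> report.docx.encrypted)."""
    return new.lower().startswith(old.lower()) and len(new) > len(old) + 1 and new[len(old)] == "."


def evaluate(events, rename_threshold: int = 5) -> dict:
    """Map each signature name from the report to its supporting event count.
    A signature is present only when its count is non-zero; the extension rule
    additionally needs at least rename_threshold qualifying renames."""
    counts = Counter()
    for event in events:
        kind = event[0]
        if kind == "registry_set":
            _, key, value_name, _data = event
            key_l = key.lower()
            if key_l.endswith(r"\currentversion\run"):
                counts["Adds Run key to start application"] += 1
            elif key_l.endswith(r"\control panel\desktop") and value_name.lower() == "wallpaper":
                counts["Sets desktop wallpaper using registry"] += 1
        elif kind == "file_rename":
            _, old, new = event
            if USER_PROFILE.match(old) and extension_appended(old, new):
                counts["_renames"] += 1
        elif kind == "file_create":
            _, path = event
            if path.lower().rsplit("\\", 1)[-1] == "desktop.ini":
                counts["Drops desktop.ini file(s)"] += 1
        elif kind == "http_get":
            _, host, _path = event
            if host.lower() in IP_LOOKUP_HOSTS:
                counts["Looks up external IP address via web service"] += 1
    hits = {name: n for name, n in counts.items() if not name.startswith("_")}
    if counts["_renames"] >= rename_threshold:
        hits["Modifies extensions of user files"] = counts["_renames"]
    return hits


def triggered(events, rename_threshold: int = 5) -> list:
    """Signature names that fired, in a stable order for reporting."""
    return sorted(evaluate(events, rename_threshold))


if __name__ == "__main__":
    for name, n in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(f"{name}: {n} event(s)")
```

Two caveats carry over to real telemetry. The extension rule only catches renames that append a suffix; families that replace the whole file name need a rule keyed on a burst of writes per directory instead. The Run key and desktop.ini rules fire on any such write, which installers also produce, so outside a sandbox they should be joined with process lineage before they are treated as verdicts.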

MITRE ATT&CK Enterprise v6

Tasks