General
-
Target
10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.zip
-
Size
160KB
-
Sample
221115-gq8w4sbe9z
-
MD5
99ad51178922532425c7efdeed4dbb25
-
SHA1
59fd7a0746150a33cd922520d88774e0ba806f25
-
SHA256
767c61507fbe6dac20a128157226d676f509dc23ce057aedee59c2ad378eaaf3
-
SHA512
9df646b8aba5f59202be83d2a16ed0d6366c2e74871eb066bced1c8359cd7c48ff8b62145857a8558eb65183532d0ae3514d85679db9aefba63298e0b0359d4e
-
SSDEEP
3072:Gokoy/BuTj0/K9ihXTdxa8C8W4bhmfJ62FMTTTiIlOzOS/Ie1lWhFP6WE/y:tzycTjsK9ihjd95mfPqTTTZl5SJKr6Wj
Malware Config
Targets
-
-
Target
10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.exe
-
Size
197KB
-
MD5
5c3f73f74ff01937543395e7c97af556
-
SHA1
81ea3ba54b1100945c15bdabf4d49b25f27ed13d
-
SHA256
10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760
-
SHA512
a857a2e587a6c4dc62d6c3ce43290e1ed62e1a8e46164a77c967bd336693769ccbae22e58c908dfa91a82065b01f19b09b6825424c834e832d3983f384f2541f
-
SSDEEP
3072:zgcC1rbu+kSthtDvZMMke9Lk7fQLO7VpBNj3c0fTrEC2VFejIYe:zC1rbfkSthtDZanqOZ1THiFwI
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-