nitro | 767c61507fbe6dac20a128157226d676f509dc23ce057aedee59c2ad378eaaf3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

10f30e000c...60.exe

windows7-x64

10f30e000c...60.exe

windows10-2004-x64

Sharing

General

Target

10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.zip
Size

160KB
Sample

221115-gq8w4sbe9z
MD5

99ad51178922532425c7efdeed4dbb25
SHA1

59fd7a0746150a33cd922520d88774e0ba806f25
SHA256

767c61507fbe6dac20a128157226d676f509dc23ce057aedee59c2ad378eaaf3
SHA512

9df646b8aba5f59202be83d2a16ed0d6366c2e74871eb066bced1c8359cd7c48ff8b62145857a8558eb65183532d0ae3514d85679db9aefba63298e0b0359d4e
SSDEEP

3072:Gokoy/BuTj0/K9ihXTdxa8C8W4bhmfJ62FMTTTiIlOzOS/Ie1lWhFP6WE/y:tzycTjsK9ihjd95mfPqTTTZl5SJKr6Wj

Score

10^/10

nitro persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.exe

Resource

win7-20220812-en

nitro persistence ransomware spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.exe

Resource

win10v2004-20220812-en

nitro persistence ransomware spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760.exe
- Size
  
  197KB
- MD5
  
  5c3f73f74ff01937543395e7c97af556
- SHA1
  
  81ea3ba54b1100945c15bdabf4d49b25f27ed13d
- SHA256
  
  10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760
- SHA512
  
  a857a2e587a6c4dc62d6c3ce43290e1ed62e1a8e46164a77c967bd336693769ccbae22e58c908dfa91a82065b01f19b09b6825424c834e832d3983f384f2541f
- SSDEEP
  
  3072:zgcC1rbu+kSthtDvZMMke9Lk7fQLO7VpBNj3c0fTrEC2VFejIYe:zC1rbfkSthtDZanqOZ1THiFwI
Score

10^/10

nitro persistence ransomware spyware stealer
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitropersistenceransomwarespywarestealer

behavioral2

nitropersistenceransomwarespywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.