nitro | 10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760 | Triage

Sharing

General

Target

10F30E000C7500EF9AC1116CA3022F03A50700CE39A3F6F76C2B6202BCF14760.bin
Size

197KB
Sample

221115-sz5ftsad3y
MD5

5c3f73f74ff01937543395e7c97af556
SHA1

81ea3ba54b1100945c15bdabf4d49b25f27ed13d
SHA256

10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760
SHA512

a857a2e587a6c4dc62d6c3ce43290e1ed62e1a8e46164a77c967bd336693769ccbae22e58c908dfa91a82065b01f19b09b6825424c834e832d3983f384f2541f
SSDEEP

3072:zgcC1rbu+kSthtDvZMMke9Lk7fQLO7VpBNj3c0fTrEC2VFejIYe:zC1rbfkSthtDZanqOZ1THiFwI

Score

10^/10

nitro persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  10F30E000C7500EF9AC1116CA3022F03A50700CE39A3F6F76C2B6202BCF14760.bin
- Size
  
  197KB
- MD5
  
  5c3f73f74ff01937543395e7c97af556
- SHA1
  
  81ea3ba54b1100945c15bdabf4d49b25f27ed13d
- SHA256
  
  10f30e000c7500ef9ac1116ca3022f03a50700ce39a3f6f76c2b6202bcf14760
- SHA512
  
  a857a2e587a6c4dc62d6c3ce43290e1ed62e1a8e46164a77c967bd336693769ccbae22e58c908dfa91a82065b01f19b09b6825424c834e832d3983f384f2541f
- SSDEEP
  
  3072:zgcC1rbu+kSthtDvZMMke9Lk7fQLO7VpBNj3c0fTrEC2VFejIYe:zC1rbfkSthtDZanqOZ1THiFwI
Score

10^/10

nitro persistence ransomware spyware stealer
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitropersistenceransomwarespywarestealer

behavioral2

nitropersistenceransomwarespywarestealer