General
-
Target
NitroRansomware.exe
-
Size
61KB
-
Sample
230104-l4n63sad8s
-
MD5
a0c0192c30c048044421d25c23501582
-
SHA1
d6080d25a6439238d0a8e90e6bbfc229680ecf3b
-
SHA256
eeee4913ce5c133dfc97b42d9736ee144686682d98c9a00dc69f3993a3da1db1
-
SHA512
af11e4b7d07c68d06caa9a1da4bb888e4c131f109b2bc1c7835a06be73591e4e66109532c70f4f7d3eddcb43a23ce9c4111fe44b60b73ea6bd07490546db756b
-
SSDEEP
768:K3KsMqCXfVcWlQM9ZkCANIUL5PGLDwUzc80gmq3oP/oDy:KKseSM9ZkCAPor/0O8/oO
Malware Config
Targets
-
-
Target
NitroRansomware.exe
-
Size
61KB
-
MD5
a0c0192c30c048044421d25c23501582
-
SHA1
d6080d25a6439238d0a8e90e6bbfc229680ecf3b
-
SHA256
eeee4913ce5c133dfc97b42d9736ee144686682d98c9a00dc69f3993a3da1db1
-
SHA512
af11e4b7d07c68d06caa9a1da4bb888e4c131f109b2bc1c7835a06be73591e4e66109532c70f4f7d3eddcb43a23ce9c4111fe44b60b73ea6bd07490546db756b
-
SSDEEP
768:K3KsMqCXfVcWlQM9ZkCANIUL5PGLDwUzc80gmq3oP/oDy:KKseSM9ZkCAPor/0O8/oO
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-