nitro | 62bf001525c54efc9715f6562e58bce96a6283aed9acb13f330f0fc487220419 | Triage

Submit
Reports

Overview

overview

Static

static

3

NitroRansomware.exe

windows10-2004-x64

Sharing

General

Target

NitroRansomware.exe
Size

66KB
Sample

230630-zmllhsef84
MD5

fb8b40c35ce47a3e9c7106c3a9074812
SHA1

157158936a9ae7c26f9f2194e0e19cf2729362f3
SHA256

62bf001525c54efc9715f6562e58bce96a6283aed9acb13f330f0fc487220419
SHA512

9bf593e6fbad5c566e6526e7892f750f050cff2e6a255ce611bf51b85e214bba0e1bc2f8d13c6538ac2df16f00a80bebf74f7262ca6b9fd2c1becd211b8d98e6
SSDEEP

768:qH3DdNeB5G8tOHsvVXwmIkpLDwUzc80gmq3oP/oDT:a3RQB3tXWx0r/0O8/oP

Score

10^/10

nitro persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NitroRansomware.exe

Resource

win10v2004-20230621-en

nitro persistence ransomware

windows10-2004-x64

11 signatures

1800 seconds

Malware Config

Targets

- Target
  
  NitroRansomware.exe
- Size
  
  66KB
- MD5
  
  fb8b40c35ce47a3e9c7106c3a9074812
- SHA1
  
  157158936a9ae7c26f9f2194e0e19cf2729362f3
- SHA256
  
  62bf001525c54efc9715f6562e58bce96a6283aed9acb13f330f0fc487220419
- SHA512
  
  9bf593e6fbad5c566e6526e7892f750f050cff2e6a255ce611bf51b85e214bba0e1bc2f8d13c6538ac2df16f00a80bebf74f7262ca6b9fd2c1becd211b8d98e6
- SSDEEP
  
  768:qH3DdNeB5G8tOHsvVXwmIkpLDwUzc80gmq3oP/oDT:a3RQB3tXWx0r/0O8/oP
Score

10^/10

nitro persistence ransomware
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitropersistenceransomware

© 2018-2025

Terms | Privacy