General
Target: NitroRansomware.exe
Size: 1.0MB
Sample: 230701-jqaqeshb81
MD5: 49bd540f675ab86f4cc99008103a0593
SHA1: 5412cf9129ee7fb43bc132da22d4f628b475995d
SHA256: 3c2b8203efee6f5cc3b74802d02a650dc105dc3ae81ca888b08cc2f830b8f838
SHA512: 19811c18d80e742360b6bf1c19dadd8ba5ecca42f1c9f53718ee8f09da170565680050d1af78e6e701c296efd75406d3c48a88adb6a1f618e5b28e7cfcbf5b2d
SSDEEP: 24576:YoYGGjodngwtlaHxN8KUWVe6tw2wvKhLnmY:YoYG2odngwwHv5VbtHw
Static task: static1
Behavioral task: behavioral1
Sample: NitroRansomware.exe
Resource: win10v2004-20230621-en
Malware Config
Targets
Target: NitroRansomware.exe
Size: 1.0MB
Score: 10/10
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Adds Run key to start application
Drops desktop.ini file(s)
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.