General

  • Target

    NitroRansomware.exe

  • Size

    1.0MB

  • Sample

    230701-jqaqeshb81

  • MD5

    49bd540f675ab86f4cc99008103a0593

  • SHA1

    5412cf9129ee7fb43bc132da22d4f628b475995d

  • SHA256

    3c2b8203efee6f5cc3b74802d02a650dc105dc3ae81ca888b08cc2f830b8f838

  • SHA512

    19811c18d80e742360b6bf1c19dadd8ba5ecca42f1c9f53718ee8f09da170565680050d1af78e6e701c296efd75406d3c48a88adb6a1f618e5b28e7cfcbf5b2d

  • SSDEEP

    24576:YoYGGjodngwtlaHxN8KUWVe6tw2wvKhLnmY:YoYG2odngwwHv5VbtHw

Targets

    • Target

      NitroRansomware.exe

    • UAC bypass

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
