f3658f793a697c456e7cd93cc1467e10e36e78481b30b4694daea4721739aa0b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NitroRansomware.exe
Size

1.3MB
Sample

230701-v5d7yahb73
MD5

5f1d0623411e015b5c87052ae54423bf
SHA1

15567341940571bf5720f5a92b172812932b7b51
SHA256

f3658f793a697c456e7cd93cc1467e10e36e78481b30b4694daea4721739aa0b
SHA512

74244d3daa003a957fcb347f10abbdfaef3043b0ed1d124566e35b352be6bd152415675f02273c1ec95c26141bbfe5ff66c667946e43f280545291e6f628024c
SSDEEP

24576:aAYGGjodngwtlaHxN8KUWVe6tw2wvKhLnekqjVnlqud+/2P+AXl:aAYG2odngwwHv5VbtHw1kqXfd+/9A

Score

6^/10

Malware Config

Targets

- Target
  
  NitroRansomware.exe
- Size
  
  1.3MB
- MD5
  
  5f1d0623411e015b5c87052ae54423bf
- SHA1
  
  15567341940571bf5720f5a92b172812932b7b51
- SHA256
  
  f3658f793a697c456e7cd93cc1467e10e36e78481b30b4694daea4721739aa0b
- SHA512
  
  74244d3daa003a957fcb347f10abbdfaef3043b0ed1d124566e35b352be6bd152415675f02273c1ec95c26141bbfe5ff66c667946e43f280545291e6f628024c
- SSDEEP
  
  24576:aAYGGjodngwtlaHxN8KUWVe6tw2wvKhLnekqjVnlqud+/2P+AXl:aAYG2odngwwHv5VbtHw1kqXfd+/9A
Score

6^/10
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1