nitro | a2417b27f08b82ae02c02f8d77484f3bbda0864215e3854318836bdd78470e96 | Triage

Sharing

General

Target

7427b0a0899935dad2b8c2537c927ca8.bin
Size

66KB
Sample

230702-b2lm3aac37
MD5

7427b0a0899935dad2b8c2537c927ca8
SHA1

12107e241724be0c980664691d96567e49b75ed0
SHA256

a2417b27f08b82ae02c02f8d77484f3bbda0864215e3854318836bdd78470e96
SHA512

10502ea49e9121a1b5f96ab490dac60cf524e0170c9bba1fb7f25f0f33ad329d32c15fa51a8d8e45dd979ba0ba45de75de0590f1418a45196beb999a0ed7ccec
SSDEEP

768:qHe5kp8x6IXIBsXtql6h2tQHUvlXKY4kpLDwUzc80gmq3oP/oDU:aikp8xHgl6Itjk90r/0O8/ow

Score

10^/10

nitro persistence ransomware

Malware Config

Targets

- Target
  
  7427b0a0899935dad2b8c2537c927ca8.bin
- Size
  
  66KB
- MD5
  
  7427b0a0899935dad2b8c2537c927ca8
- SHA1
  
  12107e241724be0c980664691d96567e49b75ed0
- SHA256
  
  a2417b27f08b82ae02c02f8d77484f3bbda0864215e3854318836bdd78470e96
- SHA512
  
  10502ea49e9121a1b5f96ab490dac60cf524e0170c9bba1fb7f25f0f33ad329d32c15fa51a8d8e45dd979ba0ba45de75de0590f1418a45196beb999a0ed7ccec
- SSDEEP
  
  768:qHe5kp8x6IXIBsXtql6h2tQHUvlXKY4kpLDwUzc80gmq3oP/oDU:aikp8xHgl6Itjk90r/0O8/ow
Score

10^/10

nitro persistence ransomware
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitropersistenceransomware

behavioral2

nitropersistenceransomware