nitro | 60727ce041da619eb4071fcf13de92d9f8ea9f21741782e3ead14117a63cc5b3 | Triage

Submit
Reports

Overview

overview

Static

static

3

NitroRanso...xe.exe

windows7-x64

NitroRanso...xe.exe

windows10-2004-x64

Sharing

General

Target

NitroRansomwareexe.exe
Size

1.7MB
Sample

230705-nv8kgaca22
MD5

4c76a86d5ae0b97c0aeb685ef0669b2e
SHA1

f82d664141c1aca3942f939491e36ed4d86e0167
SHA256

60727ce041da619eb4071fcf13de92d9f8ea9f21741782e3ead14117a63cc5b3
SHA512

c41cfe498dc52a5810836a91842b3632af9831747d9bfd6cf7dbdd9301e330f88592f78cdf8e4473fdd38bd0c974c306775f93a77e21bbd809ee36675626f350
SSDEEP

49152:UowYGwfZPnlXMTdngwwHv5VbtHw1kqXfd+/9AE:UoVDZdcNgNhVRw1kqXf0F

Score

10^/10

nitro evasion persistence ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NitroRansomwareexe.exe

Resource

win7-20230703-en

evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

NitroRansomwareexe.exe

Resource

win10v2004-20230703-en

nitro evasion persistence ransomware trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  NitroRansomwareexe.exe
- Size
  
  1.7MB
- MD5
  
  4c76a86d5ae0b97c0aeb685ef0669b2e
- SHA1
  
  f82d664141c1aca3942f939491e36ed4d86e0167
- SHA256
  
  60727ce041da619eb4071fcf13de92d9f8ea9f21741782e3ead14117a63cc5b3
- SHA512
  
  c41cfe498dc52a5810836a91842b3632af9831747d9bfd6cf7dbdd9301e330f88592f78cdf8e4473fdd38bd0c974c306775f93a77e21bbd809ee36675626f350
- SSDEEP
  
  49152:UowYGwfZPnlXMTdngwwHv5VbtHw1kqXfd+/9AE:UoVDZdcNgNhVRw1kqXf0F
Score

10^/10

evasion persistence trojan nitro ransomware
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- UAC bypass
  evasion trojan
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

nitroevasionpersistenceransomwaretrojan

© 2018-2025

Terms | Privacy