nitro | faaac111b93bcfdc0024a28ee3d07a4e1a464d0211cac0eb387dc8542be69048 | Triage

Sharing

General

Target

0aa959049ed181008cd30a818ca4abc1.bin
Size

690KB
Sample

231127-bc7h8sdd69
MD5

0aa959049ed181008cd30a818ca4abc1
SHA1

9dee42230d2b31eebe14e68c103c7423fcb5de92
SHA256

faaac111b93bcfdc0024a28ee3d07a4e1a464d0211cac0eb387dc8542be69048
SHA512

90315cdabbfd0826d39cc4ea166cd037a371e72e9068926f8da0c00a9a59d00114b0422c2ecc59527e08e426a7a9d96c2b1a94592995707c58453a39e45fac91
SSDEEP

12288:08+ACgkCHHdmg0ByvR4mWWaqMpWTYkmIWXoKOvp5y8HN7CzsXgxx9/06UqU4q:JkamxmWeeWFDuorh57HN7Czswxj/tVO

Score

10^/10

nitro persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  0aa959049ed181008cd30a818ca4abc1.bin
- Size
  
  690KB
- MD5
  
  0aa959049ed181008cd30a818ca4abc1
- SHA1
  
  9dee42230d2b31eebe14e68c103c7423fcb5de92
- SHA256
  
  faaac111b93bcfdc0024a28ee3d07a4e1a464d0211cac0eb387dc8542be69048
- SHA512
  
  90315cdabbfd0826d39cc4ea166cd037a371e72e9068926f8da0c00a9a59d00114b0422c2ecc59527e08e426a7a9d96c2b1a94592995707c58453a39e45fac91
- SSDEEP
  
  12288:08+ACgkCHHdmg0ByvR4mWWaqMpWTYkmIWXoKOvp5y8HN7CzsXgxx9/06UqU4q:JkamxmWeeWFDuorh57HN7Czswxj/tVO
Score

10^/10

nitro persistence ransomware spyware stealer
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Renames multiple (76) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (84) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitropersistenceransomwarespywarestealer

behavioral2

nitropersistenceransomwarespywarestealer