General

  • Target

    96afa5e15f4cdbb0e1f51097e6acf4ea

  • Size

    123KB

  • Sample

    240212-j11plaad27

  • MD5

    96afa5e15f4cdbb0e1f51097e6acf4ea

  • SHA1

    f38ea1b2f52f76a691a320a6a812a414cc0d2ecf

  • SHA256

    7d7f39ea140c1d58a017ffdd969c8a6f6201bfb578b4090b1e4588be84a7e29a

  • SHA512

    8079fcb8018f31d08b9e3f01ca35ce7f1526632e9bdd3c6ff83df279f24ddba83c929a033bd0450cd196356d280be7948386957db6d7e8dceb242c12cd145efc

  • SSDEEP

    1536:pCIx2GoWviV8U5RG+B9cz5PdJQnAo045kna1h/9tiIx9XJKS2O8/ovxTR4r/3O:eZRJ2dg0Ut335KS38/ovJR46

Malware Config

Targets

    • Nitro

      A ransomware that demands Discord Nitro gift codes to decrypt files.

    • Renames multiple (74) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks