Resubmissions
19-02-2024 21:33
240219-1d7caseb85 10General
-
Target
NitroRansomware.exe
-
Size
61KB
-
Sample
240219-1d7caseb85
-
MD5
f1c0ee2aa52d41fcd36be766ae6e4f36
-
SHA1
654786fbdf440f1270453265a77d9000ec4516b7
-
SHA256
be19e89787043f5f1801c993ecd99515a4e3bd0cdae098b64d90c2ce7dd47598
-
SHA512
86c768588cc1f4fac53b35dafd08f21726773e1f730c931c42d3b38cb66c3f88c40413374f4a1b489555d067cbebb75e4112a3bf9465b50815aea9c77b2ea1d8
-
SSDEEP
768:7FCY5Jrg9Jl7M9ZkiANIZaZ6YLDwUzc80gmq3oP/oDU:7FqNM9ZkiAaWr/0O8/ow
Malware Config
Targets
-
-
Target
NitroRansomware.exe
-
Size
61KB
-
MD5
f1c0ee2aa52d41fcd36be766ae6e4f36
-
SHA1
654786fbdf440f1270453265a77d9000ec4516b7
-
SHA256
be19e89787043f5f1801c993ecd99515a4e3bd0cdae098b64d90c2ce7dd47598
-
SHA512
86c768588cc1f4fac53b35dafd08f21726773e1f730c931c42d3b38cb66c3f88c40413374f4a1b489555d067cbebb75e4112a3bf9465b50815aea9c77b2ea1d8
-
SSDEEP
768:7FCY5Jrg9Jl7M9ZkiANIZaZ6YLDwUzc80gmq3oP/oDU:7FqNM9ZkiAaWr/0O8/ow
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Renames multiple (96) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-