General
-
Target
a064b524a661ce56c911fb3b184c1b8d
-
Size
61KB
-
Sample
240222-3vb9lagf2t
-
MD5
a064b524a661ce56c911fb3b184c1b8d
-
SHA1
a39aaf5834308ce443b56d80b7cf28ad9eb8f2f2
-
SHA256
3d782b5f5304e058161dce64bf27fc5c28af23675ce6db1fc46386fb8f532c2b
-
SHA512
397fd0aa5e5bbb37e2cc703a81335eabdeada48fde13e100b876e7fcd3c79218dc59e533f000e7dbb1e0dc9986d98617249d327c42e9c5b19f7aeb4e2f0a238b
-
SSDEEP
768:gnbyhKtnWoRxqf7GNI4r8YLDwUzc80gmq3oP/oDY:gnbRw7Gxpr/0O8/ok
Malware Config
Targets
-
-
Target
a064b524a661ce56c911fb3b184c1b8d
-
Size
61KB
-
MD5
a064b524a661ce56c911fb3b184c1b8d
-
SHA1
a39aaf5834308ce443b56d80b7cf28ad9eb8f2f2
-
SHA256
3d782b5f5304e058161dce64bf27fc5c28af23675ce6db1fc46386fb8f532c2b
-
SHA512
397fd0aa5e5bbb37e2cc703a81335eabdeada48fde13e100b876e7fcd3c79218dc59e533f000e7dbb1e0dc9986d98617249d327c42e9c5b19f7aeb4e2f0a238b
-
SSDEEP
768:gnbyhKtnWoRxqf7GNI4r8YLDwUzc80gmq3oP/oDY:gnbRw7Gxpr/0O8/ok
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Renames multiple (79) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-