nitro | 3d782b5f5304e058161dce64bf27fc5c28af23675ce6db1fc46386fb8f532c2b | Triage

Resubmissions

22-02-2024 23:54

240222-3x6k8agf4w 10

22-02-2024 23:49

240222-3vb9lagf2t 10

21-02-2024 19:26

240221-x5j5ased59 10

Sharing

General

Target

a064b524a661ce56c911fb3b184c1b8d
Size

61KB
Sample

240222-3x6k8agf4w
MD5

a064b524a661ce56c911fb3b184c1b8d
SHA1

a39aaf5834308ce443b56d80b7cf28ad9eb8f2f2
SHA256

3d782b5f5304e058161dce64bf27fc5c28af23675ce6db1fc46386fb8f532c2b
SHA512

397fd0aa5e5bbb37e2cc703a81335eabdeada48fde13e100b876e7fcd3c79218dc59e533f000e7dbb1e0dc9986d98617249d327c42e9c5b19f7aeb4e2f0a238b
SSDEEP

768:gnbyhKtnWoRxqf7GNI4r8YLDwUzc80gmq3oP/oDY:gnbRw7Gxpr/0O8/ok

Score

10^/10

nitro persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  a064b524a661ce56c911fb3b184c1b8d
- Size
  
  61KB
- MD5
  
  a064b524a661ce56c911fb3b184c1b8d
- SHA1
  
  a39aaf5834308ce443b56d80b7cf28ad9eb8f2f2
- SHA256
  
  3d782b5f5304e058161dce64bf27fc5c28af23675ce6db1fc46386fb8f532c2b
- SHA512
  
  397fd0aa5e5bbb37e2cc703a81335eabdeada48fde13e100b876e7fcd3c79218dc59e533f000e7dbb1e0dc9986d98617249d327c42e9c5b19f7aeb4e2f0a238b
- SSDEEP
  
  768:gnbyhKtnWoRxqf7GNI4r8YLDwUzc80gmq3oP/oDY:gnbRw7Gxpr/0O8/ok
Score

10^/10

persistence spyware stealer nitro ransomware
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Renames multiple (76) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

nitropersistenceransomwarespywarestealer