nitro | e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108 | Triage

Sharing

General

Target

e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108
Size

60KB
Sample

240310-b6hrzahd9s
MD5

78dccba73280386590569de76a4dbe38
SHA1

496972dd693202c7ed3d0e78fd080d25953d4918
SHA256

e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108
SHA512

dc57a0fc38dc6eb9040c3b1a7bf51433490b7a77cb0661a4bccfcf5852563964ddd55bb0347c0ff305d85d4de5b020a2fb624c3ed5f9358f6e0d772bdac30af4
SSDEEP

768:BOucKn7n1JVDNANIUXUvLDwUzc80gmq3oP/oDD:BO2VDNAPSr/0O8/ov

Score

10^/10

nitro persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108
- Size
  
  60KB
- MD5
  
  78dccba73280386590569de76a4dbe38
- SHA1
  
  496972dd693202c7ed3d0e78fd080d25953d4918
- SHA256
  
  e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108
- SHA512
  
  dc57a0fc38dc6eb9040c3b1a7bf51433490b7a77cb0661a4bccfcf5852563964ddd55bb0347c0ff305d85d4de5b020a2fb624c3ed5f9358f6e0d772bdac30af4
- SSDEEP
  
  768:BOucKn7n1JVDNANIUXUvLDwUzc80gmq3oP/oDD:BO2VDNAPSr/0O8/ov
Score

10^/10

nitro persistence ransomware spyware stealer
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Detects executables Discord URL observed in first stage droppers
- Renames multiple (69) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitropersistenceransomwarespywarestealer

behavioral2

nitropersistenceransomwarespywarestealer