e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108 | Triage

Sharing

General

Target

e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108
Size

60KB
MD5

78dccba73280386590569de76a4dbe38
SHA1

496972dd693202c7ed3d0e78fd080d25953d4918
SHA256

e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108
SHA512

dc57a0fc38dc6eb9040c3b1a7bf51433490b7a77cb0661a4bccfcf5852563964ddd55bb0347c0ff305d85d4de5b020a2fb624c3ed5f9358f6e0d772bdac30af4
SSDEEP

768:BOucKn7n1JVDNANIUXUvLDwUzc80gmq3oP/oDD:BO2VDNAPSr/0O8/ov

Score

10^/10

Malware Config

Signatures

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108

Files

e98bc10cbd25be7fa5830a04cd2d089443d24be06c60305b49c5fe9fff529108
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\source\repos\Nitro-Ransomware-master\NitroRansomware\obj\Release\NitroRansomware.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ