General
-
Target
bd6a28824f6d3bec6c3955b47b8e37f5
-
Size
62KB
-
Sample
240310-csnazaad5x
-
MD5
bd6a28824f6d3bec6c3955b47b8e37f5
-
SHA1
9e48389bfab6d77710cf8a2f7dec27467357278b
-
SHA256
ce35a705ef3459ab9189cbe0439f776a64fc6be992da0e61e77ff238c669af32
-
SHA512
a2566f6e7edb2834ad0db2382978043c635dd7acfb7480faa37efb925296f95e9c3bd19e67ed0c959501f7e55d14df0d4c8edf261bebdf61f15c48f5f897f2fd
-
SSDEEP
768:rASVqCXHV2bScj+mDhWEQwNIoHlYLDwUzc80gmq3oP/oDY:rASMSc95Qw5ar/0O8/o8
Malware Config
Targets
-
-
Target
bd6a28824f6d3bec6c3955b47b8e37f5
-
Size
62KB
-
MD5
bd6a28824f6d3bec6c3955b47b8e37f5
-
SHA1
9e48389bfab6d77710cf8a2f7dec27467357278b
-
SHA256
ce35a705ef3459ab9189cbe0439f776a64fc6be992da0e61e77ff238c669af32
-
SHA512
a2566f6e7edb2834ad0db2382978043c635dd7acfb7480faa37efb925296f95e9c3bd19e67ed0c959501f7e55d14df0d4c8edf261bebdf61f15c48f5f897f2fd
-
SSDEEP
768:rASVqCXHV2bScj+mDhWEQwNIoHlYLDwUzc80gmq3oP/oDY:rASMSc95Qw5ar/0O8/o8
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Renames multiple (79) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-