General
-
Target
cbcf9db19f980d9b5232345242d981fa
-
Size
60KB
-
Sample
240315-s9znbscc9z
-
MD5
cbcf9db19f980d9b5232345242d981fa
-
SHA1
0f119cc4df6ea8a861141016e595f99da295b16e
-
SHA256
b244fa001f1f45246b4608fdac78f80988ad60150aa08e7988fc5dbd37e323ef
-
SHA512
7d30cc8ef76b8f8c611f80edca3ccf7ee0daaaa9adbb5fe80db53ae65b2bc5d75e2a1b3e21ae164e211b7176a108ce92d23bac3d6b2a01f113ca019ea846b9d9
-
SSDEEP
768:5OXeakeRbRW3DNANIhrtLvLDwUzc80gmq3oP/oDU:5OPW3DNA8Fr/0O8/oA
Malware Config
Targets
-
-
Target
cbcf9db19f980d9b5232345242d981fa
-
Size
60KB
-
MD5
cbcf9db19f980d9b5232345242d981fa
-
SHA1
0f119cc4df6ea8a861141016e595f99da295b16e
-
SHA256
b244fa001f1f45246b4608fdac78f80988ad60150aa08e7988fc5dbd37e323ef
-
SHA512
7d30cc8ef76b8f8c611f80edca3ccf7ee0daaaa9adbb5fe80db53ae65b2bc5d75e2a1b3e21ae164e211b7176a108ce92d23bac3d6b2a01f113ca019ea846b9d9
-
SSDEEP
768:5OXeakeRbRW3DNANIhrtLvLDwUzc80gmq3oP/oDU:5OPW3DNA8Fr/0O8/oA
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Renames multiple (60) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-