nitro | 5010be4c22df0349619aede47aa8e234e16985c8dbd0ca86de12c778b402bf58 | Triage

Resubmissions

11-05-2024 06:45

240511-hjc2jabd7z 10

11-05-2024 06:40

240511-hfp7padg83 10

Sharing

General

Target

Free Nitro.exe
Size

62KB
Sample

240511-hfp7padg83
MD5

d01e6cc12d314d7d1d3714fa9be0ca80
SHA1

9cb53ff747461cf4f122d6356296341bbd2fe203
SHA256

5010be4c22df0349619aede47aa8e234e16985c8dbd0ca86de12c778b402bf58
SHA512

2fb687819b5cf9ad93b702b553b8d5760e8bb946abd436da72f44918f141ec9be1c6bb02252400da9d9846f70db61f993af783c7a996d6523be582a16d8a767e
SSDEEP

768:OKsMqCXfVcWrPM9ZkiANIUkwYLDwUzc80gmq3oP/oDF:OKsejM9ZkiAP2r/0O8/op

Score

10^/10

nitro persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  Free Nitro.exe
- Size
  
  62KB
- MD5
  
  d01e6cc12d314d7d1d3714fa9be0ca80
- SHA1
  
  9cb53ff747461cf4f122d6356296341bbd2fe203
- SHA256
  
  5010be4c22df0349619aede47aa8e234e16985c8dbd0ca86de12c778b402bf58
- SHA512
  
  2fb687819b5cf9ad93b702b553b8d5760e8bb946abd436da72f44918f141ec9be1c6bb02252400da9d9846f70db61f993af783c7a996d6523be582a16d8a767e
- SSDEEP
  
  768:OKsMqCXfVcWrPM9ZkiANIUkwYLDwUzc80gmq3oP/oDF:OKsejM9ZkiAP2r/0O8/op
Score

10^/10

nitro persistence ransomware spyware stealer
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Renames multiple (110) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitropersistenceransomwarespywarestealer

behavioral2

persistencespywarestealer