Resubmissions

11-05-2024 06:45

240511-hjc2jabd7z 10

11-05-2024 06:40

240511-hfp7padg83 10

General

  • Target

    Free Nitro.exe

  • Size

    62KB

  • Sample

    240511-hjc2jabd7z

  • MD5

    d01e6cc12d314d7d1d3714fa9be0ca80

  • SHA1

    9cb53ff747461cf4f122d6356296341bbd2fe203

  • SHA256

    5010be4c22df0349619aede47aa8e234e16985c8dbd0ca86de12c778b402bf58

  • SHA512

    2fb687819b5cf9ad93b702b553b8d5760e8bb946abd436da72f44918f141ec9be1c6bb02252400da9d9846f70db61f993af783c7a996d6523be582a16d8a767e

  • SSDEEP

    768:OKsMqCXfVcWrPM9ZkiANIUkwYLDwUzc80gmq3oP/oDF:OKsejM9ZkiAP2r/0O8/op

Targets

    • Nitro

      A ransomware that demands Discord nitro gift codes to decrypt files.

    • Renames multiple (68) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files on the system and appending an extension to each.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15