General

  • Target

    New Text Document.txt

  • Size

    45B

  • Sample

    240526-2yphnagb52

  • MD5

    23a1a78d0b5351de1748875c282f8496

  • SHA1

    ac6bfb0816ab0e6fa0195fce7d3d3fd4362715eb

  • SHA256

    b346bd42d2892de01d3d271994d425617e4712c5d08a8637046f1406ab6f1ba1

  • SHA512

    46d46751ee80eaa6f12e5ffd410e6687f54354cd23a947597e6a38daf1e67e545d517dc1114cbdc6c5a0d8e6a03beb0c67e2598126a413b8cbb0b7ea4a4c1ca0

Malware Config

Targets

    • Target

      New Text Document.txt

    • Size

      45B

    • MD5

      23a1a78d0b5351de1748875c282f8496

    • SHA1

      ac6bfb0816ab0e6fa0195fce7d3d3fd4362715eb

    • SHA256

      b346bd42d2892de01d3d271994d425617e4712c5d08a8637046f1406ab6f1ba1

    • SHA512

      46d46751ee80eaa6f12e5ffd410e6687f54354cd23a947597e6a38daf1e67e545d517dc1114cbdc6c5a0d8e6a03beb0c67e2598126a413b8cbb0b7ea4a4c1ca0

    • Nitro

      A ransomware family that demands Discord Nitro gift codes as payment to decrypt files.

    • Renames multiple (96) files with added filename extension

      Mass renaming of files with an appended extension is consistent with ransomware encrypting files across the system.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry
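
The signatures above are behavioural rules evaluated over the sandbox's event stream. As an added example (not code from the report or the sandbox vendor), the following Python reproduces four of them over a constructed event log: the mass-rename rule that fires only when the original filename is preserved and a single extension is appended, a Run-key persistence check, the wallpaper registry check, and the external-IP lookup check. The event schema (`("file_rename", src, dst)`, `("reg_set", key, value)`, `("http_get", url)`), the `.locked` extension, the list of IP-lookup hosts and the rename threshold of 10 are all assumptions made for the example; the report itself counts 96 renames and does not state its own threshold.

```python
import re
from collections import Counter
from typing import Iterable, Tuple
from urllib.parse import urlparse

Event = Tuple[str, ...]

# Constructed sample event log in a made-up schema (not the report's real log):
# 12 renames that append ".locked" to the original name, one benign rename that
# replaces the extension, a Run-key write, a wallpaper write and two HTTP GETs.
SAMPLE_EVENTS = [
    ("file_rename", rf"C:\Users\Admin\Documents\file{i}.docx",
     rf"C:\Users\Admin\Documents\file{i}.docx.locked")
    for i in range(12)
] + [
    ("file_rename", r"C:\Users\Admin\Documents\~draft.tmp",
     r"C:\Users\Admin\Documents\draft.docx"),
    ("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r"C:\Users\Admin\AppData\Roaming\updater.exe"),
    ("reg_set", r"HKCU\Control Panel\Desktop\Wallpaper",
     r"C:\Users\Admin\AppData\Local\Temp\note.bmp"),
    ("http_get", "https://api.ipify.org/?format=json"),
    ("http_get", "https://example.com/"),
]

# Persistence via the per-user or per-machine Run/RunOnce keys.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# Wallpaper value under the user's desktop settings.
WALLPAPER_RE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)
# Assumed list of legitimate external-IP lookup services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com"}


def added_extension(src: str, dst: str) -> "str | None":
    """Return the appended extension when dst is exactly src plus one more
    extension (the ransomware pattern), else None. Replacing the extension or
    moving the file does not count, which keeps ordinary editor save/rename
    behaviour from triggering the rule."""
    if not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src) + 1:]
    if not ext or "\\" in ext or "." in ext:
        return None
    return ext.lower()


def mass_rename_extensions(events: Iterable[Event], threshold: int = 10) -> dict:
    """Count appended extensions across all renames and return those seen at
    least `threshold` times (assumed threshold; the report's is not stated)."""
    counts: Counter = Counter()
    for ev in events:
        if ev[0] != "file_rename":
            continue
        ext = added_extension(ev[1], ev[2])
        if ext:
            counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def evaluate(events: Iterable[Event], rename_threshold: int = 10) -> set:
    """Return the set of signature names triggered by the event stream,
    using the same wording as the report's signature list."""
    events = list(events)
    hits = set()
    if mass_rename_extensions(events, rename_threshold):
        hits.add("Renames multiple files with added filename extension")
    for ev in events:
        if ev[0] == "reg_set" and RUN_KEY_RE.search(ev[1]):
            hits.add("Adds Run key to start application")
        elif ev[0] == "reg_set" and WALLPAPER_RE.search(ev[1]):
            hits.add("Sets desktop wallpaper using registry")
        elif ev[0] == "http_get" and urlparse(ev[1]).hostname in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")
    return hits


if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_EVENTS)):
        print(name)
```

The rename rule deliberately requires the original name to survive as a prefix; some families replace the extension or rename files to random strings, so a production rule would pair this with a second heuristic (for example, a high ratio of file writes to file reads across user directories) rather than relying on the appended-extension pattern alone.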

MITRE ATT&CK Enterprise v15

Tasks