General

  • Target: 5140eb423450693d58b6dc0b9607ec12_JaffaCakes118
  • Size: 62KB
  • Sample: 241017-jnm8qsybrb
  • MD5: 5140eb423450693d58b6dc0b9607ec12
  • SHA1: be85df18233c01ba73de65bbaf4b21aea298ba68
  • SHA256: e179f228bff619054e5f1b541afd7d57ba357562518a1490c1604024c50d481a
  • SHA512: cee13b7dc4819db782867df01f961ea5f9b771952615ea7b01c6c36cedd6eb16408e3d9d2455a905103df20ae4be289a433688f6d5cea68645ec8ecdfb6df6b4
  • SSDEEP: 768:PEN8AJTO7baeJvANIESkwILDwUzc80gmq3oP/oDq:PENpOCMvAx9xr/0O8/oW

Targets

    • Nitro

      Ransomware that demands Discord Nitro gift codes in exchange for decrypting files.

    • Renames multiple (95) files with an added filename extension

      This suggests ransomware activity: encrypting files across the system and appending an extension to each.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

    • Sets desktop wallpaper using registry
