General

  • Target

    73de3eeba18475c6860e39061b0174e6_JaffaCakes118

  • Size

    62KB

  • Sample

    241024-qa3vlaxbjh

  • MD5

    73de3eeba18475c6860e39061b0174e6

  • SHA1

    10a3823601b1a18edc62a5bbc83cd7c581f1da59

  • SHA256

    570cc4b6530b319dfc71201010b2775acb89c94e7d42acdbc53f635f2ca4ee4a

  • SHA512

    7f8974d9f71c8b01caa75df6c4dfdb363514d54815d6acd8834a0dd1bc2689bc031adf1b9cbd86554a926bb5d594c0be4fd96e1d8033d97ac5e9bcfe1575a54f

  • SSDEEP

    768:bKsMqCXfVcWl3M9Zk4ANIUI2+QLDwUzc80gmq3oP/oDA:bKsexM9Zk4APxDr/0O8/oU

Targets

    • Nitro

      A ransomware family that demands Discord Nitro gift codes as payment to decrypt files.

    • Renames multiple (96) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry
