General
-
Target
ipcleaner.exe
-
Size
61KB
-
Sample
241027-lrpbbavjas
-
MD5
f141d316c94c790986c8a611265b13a8
-
SHA1
1a7039db35fca03cff119396e389fc11a16d8ed3
-
SHA256
55c4c9a927b01016ffda9286f5637f3c0c19b84855eea235c07b58d715aca5d2
-
SHA512
b14b7718a6816d8562ed41434ec883bbc169ed6bbdb72f598d3706c18ae5ef955309a4c8049538562d1894249317c6c4e5b867609dbfb04ac7186e688614cc4a
-
SSDEEP
768:JKsMqCXfVcWlzM9ZkiANIUUSYLDwUzc80gmq3oP/oDo:JKse1M9ZkiAP4r/0O8/oM
Malware Config
Targets
-
-
Target
ipcleaner.exe
-
Size
61KB
-
MD5
f141d316c94c790986c8a611265b13a8
-
SHA1
1a7039db35fca03cff119396e389fc11a16d8ed3
-
SHA256
55c4c9a927b01016ffda9286f5637f3c0c19b84855eea235c07b58d715aca5d2
-
SHA512
b14b7718a6816d8562ed41434ec883bbc169ed6bbdb72f598d3706c18ae5ef955309a4c8049538562d1894249317c6c4e5b867609dbfb04ac7186e688614cc4a
-
SSDEEP
768:JKsMqCXfVcWlzM9ZkiANIUUSYLDwUzc80gmq3oP/oDo:JKse1M9ZkiAP4r/0O8/oM
Score10/10-
Nitro
A ransomware that demands Discord nitro gift codes to decrypt files.
-
Nitro family
-
Renames multiple (86) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Sets desktop wallpaper using registry
-