Resubmissions

30/10/2024, 04:16 UTC

241030-evvtyaxpak 10

30/10/2024, 04:13 UTC

241030-etaglswgkl 10

General

  • Target

    NitroRansomware.exe

  • Size

    61KB

  • Sample

    241030-evvtyaxpak

  • MD5

    6d7a7a8269d09af8319b7c9782e184fa

  • SHA1

    e689a0d7bfe32a1c8dd4746722465b245e45e903

  • SHA256

    4719137349f2710799839c543157be9b30910bdb55d0cb0ce63e01c7b0cb1fe2

  • SHA512

    8dd0ab0be173c5e69c7b1dc5545f6a7e5ddde6e7433f246b92da45b062e34c96edcb5a66956cba4d92b647e722ad5836e8bb66ef7d28736fa7c27b3456381101

  • SSDEEP

    768:hKsMqCXfVcWO/M9ZkiANIUb0YLDwUzc80gmq3oP/oDA:hKseiM9ZkiAPxr/0O8/oE

Targets

    • Target

      NitroRansomware.exe

    • Nitro

      A ransomware that demands Discord Nitro gift codes to decrypt files.

    • Nitro family

    • Renames multiple (90) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Sets desktop wallpaper using registry
