nitro | 4719137349f2710799839c543157be9b30910bdb55d0cb0ce63e01c7b0cb1fe2 | Triage

Resubmissions

30-10-2024 04:16

241030-evvtyaxpak 10

30-10-2024 04:13

241030-etaglswgkl 10

Sharing

General

Target

NitroRansomware.exe
Size

61KB
Sample

241030-evvtyaxpak
MD5

6d7a7a8269d09af8319b7c9782e184fa
SHA1

e689a0d7bfe32a1c8dd4746722465b245e45e903
SHA256

4719137349f2710799839c543157be9b30910bdb55d0cb0ce63e01c7b0cb1fe2
SHA512

8dd0ab0be173c5e69c7b1dc5545f6a7e5ddde6e7433f246b92da45b062e34c96edcb5a66956cba4d92b647e722ad5836e8bb66ef7d28736fa7c27b3456381101
SSDEEP

768:hKsMqCXfVcWO/M9ZkiANIUb0YLDwUzc80gmq3oP/oDA:hKseiM9ZkiAPxr/0O8/oE

Score

10^/10

nitro discovery persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  NitroRansomware.exe
- Size
  
  61KB
- MD5
  
  6d7a7a8269d09af8319b7c9782e184fa
- SHA1
  
  e689a0d7bfe32a1c8dd4746722465b245e45e903
- SHA256
  
  4719137349f2710799839c543157be9b30910bdb55d0cb0ce63e01c7b0cb1fe2
- SHA512
  
  8dd0ab0be173c5e69c7b1dc5545f6a7e5ddde6e7433f246b92da45b062e34c96edcb5a66956cba4d92b647e722ad5836e8bb66ef7d28736fa7c27b3456381101
- SSDEEP
  
  768:hKsMqCXfVcWO/M9ZkiANIUb0YLDwUzc80gmq3oP/oDA:hKseiM9ZkiAPxr/0O8/oE
Score

10^/10

nitro discovery persistence ransomware spyware stealer
- Nitro
  A ransomware that demands Discord nitro gift codes to decrypt files.
  ransomware nitro
- Nitro family
  nitro
- Renames multiple (90) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

nitrodiscoverypersistenceransomwarespywarestealer