Our code analysis engine has found that the malware sample 4dd08b0bab6f19d143cca6f96c8b780da7f60dbf74f1c16c3442bc9f07d38030 — recently reported as Nnice ransomware by CYFIRMA research https://www.cyfirma.com/research/nnice-ransomware/ is identical to the Slam ransomware sample 6ca602d0ab54a93f6d9346e3d5cf0dcba011f4545e16cf3a4467f7882551508b that SentinelOne discovered in 2022 https://www.sentinelone.com/blog/from-the-front-lines-slam-anatomy-of-a-publicly-available-ransomware-builder. The only notable changes are the ransom note and file extension (.xdddd).
This discovery demonstrates how even years-old threats can reemerge and that code reuse technology plays a vital role in effectively classifying and attributing malware.
