Nightspire — Technical Analysis (Windows)

NightSpire is a Go-compiled Windows ransomware that encrypts files across drives using per-file AES-256-CTR keys wrapped with a hardcoded RSA-4096-OAEP-SHA512 public key, appends the "sNightspire" marker, changes extensions to .nspire, and exposes Tor-based negotiation and leak sites; the report provides static implementation details, command-line controls, IOCs (hashes, onion URLs, emails, UUID/password), and defensive considerations.