General

  • Target

    file.exe

  • Size

    357KB

  • Sample

    220916-l2sfqabaal

  • MD5

    90da1762f13362256f04cb65a89eef8c

  • SHA1

    9ff737f33233ce5049bd663a190685bd0286c406

  • SHA256

    6bef62653d807b4916c39deb44dcc47e908158a74439903172583c8685cf2077

  • SHA512

    9f084e3e24f782c134464db127af79ad1eec166101bdda5c32565835a92e6ba63b789a56c5218b2c7c7d7c7220850836da7649729c6899b2ba5d44d3667a2192

  • SSDEEP

    6144:Fs2ZQfZusO6BG6GUjvIH6rvmoqU76E0Nniga:FnZnsONuvs6TF74Ni

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself
