General

  • Target

    file.exe

  • Size

    381KB

  • Sample

    220917-jttmpsdchm

  • MD5

    84a4e8454dd3e6f9e59955463b91e4f1

  • SHA1

    d5dc4ea8cafb441e68e8c697911d705941475aec

  • SHA256

    fa180d788066c58a8bcb27729bbe5bdcba7887b5eacff50effc3af1206fd4eee

  • SHA512

    8da6f5dcb65ade1ce1aff7e7178bba60369d8332f012a61e164da5caea28aaea1fa5bc29eb02466b265c00f14e7c8a8cf94f4ee026e3ba075c4a35aef57bf996

  • SSDEEP

    6144:0Oy30LzDKSW5Lv1rhRqeXbxbtQKW1GUXWPbFGS0ym/nigabwVf:0T30XDK5L1rhAgxbnZWXi

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself
