General

  • Target

    file

  • Size

    284KB

  • Sample

    220924-1xv4dacbd8

  • MD5

    0f2971d01eaa04817d8b249cf92ef256

  • SHA1

    10ce251ca6f7a43c27d76b592352baa03a5ed8d0

  • SHA256

    bedaf1afc3514b562f9f12ed77db321f3fd72940c9883f9f6f837fae6992d0ce

  • SHA512

    f87cb2001c46398881a7d8bb0632afa56a3dd0a6a3f0deccddf858204d7e5cab73da5c9f6117ca0eb405a3311939bd59bcfd469f6d3d26a13e7390ec74fc364a

  • SSDEEP

    3072:xkjLhLsmMWPN57R5vPYXghTaEOX50VrWHWYGYBmzlXSlye3sKf+kLYFx33DB1B5Y:MLkWDwXgUXX50VrqbG1SLsXkW3D3w

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks