General

  • Target

    file

  • Size

    284KB

  • Sample

    220924-qzpz2abcg4

  • MD5

    5cd9388b0e60981c36bc0553a1ca540a

  • SHA1

    3227b002a4f6b6e0b1962ca395133b1dc8c77e84

  • SHA256

    4ccaf0fd0ebf9417aae0e341166b21f3429908e3710d1c745344c399893cb669

  • SHA512

    7d820dc13a8d8ca8d4798038b1d94122615c5b5f413f9c5de41eb2692ed0a512a6266751d12e8084b20f06ccc7e44f374f471a746c20287a98218b3a357126cc

  • SSDEEP

    3072:FJOaLxo02cb5wPpkxYlpkqYSegeCgdLQjNHg7RA+zVRCnWPaVZdiuhz82Dk+Exx1:fLd2VBl3HgNQjF+zV8WPG5Fw+qx32AY

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks