General
-
Target
file
-
Size
284KB
-
Sample
220925-a8d15aceh9
-
MD5
79f5a75175460c30ebcced662a95025d
-
SHA1
853ddce0b141c77897f578fa19fe0e8700252ca6
-
SHA256
97d9ca2b1f4409ff751c1965a0e28f079568a4a538a22f59c1b56313fad446f5
-
SHA512
c2bf0b2b429b4b68624c03fa3de596a3a580441ab628a78194f6a4210b635db6a1484987013350a327b01ddb622b46939781fdbfa061d38ba1ea7b883fdb53dc
-
SSDEEP
3072:PaZ5o0SLpqJ2lSN5Lzb8ed4RoYXD9vgRaBRQY81e/xXGQAA+S3iAX3Zl1AThjfXH:30SL82l8NkDXVgRHKyMb1uhLTEeY
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
nymaim
208.67.104.97
85.31.46.167
Targets
-
-
Target
file
-
Size
284KB
-
MD5
79f5a75175460c30ebcced662a95025d
-
SHA1
853ddce0b141c77897f578fa19fe0e8700252ca6
-
SHA256
97d9ca2b1f4409ff751c1965a0e28f079568a4a538a22f59c1b56313fad446f5
-
SHA512
c2bf0b2b429b4b68624c03fa3de596a3a580441ab628a78194f6a4210b635db6a1484987013350a327b01ddb622b46939781fdbfa061d38ba1ea7b883fdb53dc
-
SSDEEP
3072:PaZ5o0SLpqJ2lSN5Lzb8ed4RoYXD9vgRaBRQY81e/xXGQAA+S3iAX3Zl1AThjfXH:30SL82l8NkDXVgRHKyMb1uhLTEeY
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-