General
Target: file
Size: 284KB
Sample: 220925-an6kmsdhbk
MD5: 80e6bd18333c27db9b1f0965de8d9ee3
SHA1: 1a729df147eed358f19c834a8110361e40f6452c
SHA256: 9861d88c6d1b52d3d521da99f9489ec4db8cd240e39723754fe72631d1c64d42
SHA512: 7c2269195952523243b45e6350b6ba674f96869c82c8d7df8b14c9cbd1c2ca94a2f54401bf95506214d88bec7b7a8eef749c6bf70efc45aa1df52abb0f6217f3
SSDEEP: 6144:DdL5nP9M8jolMAwv4nuvTMVkp+Des2C9Y:xlnyMoljwBvTMkpCesa
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Malware Config
Extracted
nymaim
208.67.104.97
85.31.46.167
Targets
-
-
Target
file
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-