General
-
Target
file.exe
-
Size
284KB
-
Sample
220925-c3kmtschc5
-
MD5
5391b4af9517ae14559622fd6e290e8b
-
SHA1
c1e6b45da475cb365eca384eefa25313c3b03f1e
-
SHA256
609e593e52b4d889ce2aac6834f06ce62e82649b1a49d5e1c1a9cda11d1f5e80
-
SHA512
e3ee994dc59b5222c4b024ac0837b17b1f5d9e21e55d0dd5cc7eabd1ed909156440a21363260fa13fc6c7894f6f4e23957e12b491ef904bf842407b07d743d6e
-
SSDEEP
6144:GLaLHUStoPnhilzmlP1cUvxSKLu0kS0E:GuLzwnclzmlP+ZCz0
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220901-en
Malware Config
Extracted
nymaim
208.67.104.97
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
284KB
-
MD5
5391b4af9517ae14559622fd6e290e8b
-
SHA1
c1e6b45da475cb365eca384eefa25313c3b03f1e
-
SHA256
609e593e52b4d889ce2aac6834f06ce62e82649b1a49d5e1c1a9cda11d1f5e80
-
SHA512
e3ee994dc59b5222c4b024ac0837b17b1f5d9e21e55d0dd5cc7eabd1ed909156440a21363260fa13fc6c7894f6f4e23957e12b491ef904bf842407b07d743d6e
-
SSDEEP
6144:GLaLHUStoPnhilzmlP1cUvxSKLu0kS0E:GuLzwnclzmlP+ZCz0
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-