General
Target: file.exe
Size: 284KB
Sample: 220925-ctklgacgh6
MD5: e0663b43a4ddd17bdca98000cca9cbf7
SHA1: 36bb48bc564dd672fd3e1a390024e463ff81c48c
SHA256: e8638c41223f671b889dfd47b715053395d0ed4c5cae4690a1efd8ad73285545
SHA512: 13dc899e129a16242b9c1c75869cafda10502ddecfd241cbc7d4015e6de91d5a998a51f99984b6a6ac833c9f60dab8e2e6b457abe57f292e672a3b748b96e446
SSDEEP: 3072:wt2AIALOjEjz5N5Dpzd/Ox95/jV/7RdMgq92lvKYDYGOULHqsOUAjs9+J1sYPNq1:kLzjRxEXdV/rbyGXYGOUVOUAjskqYP
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config
Extracted
nymaim
208.67.104.97
85.31.46.167
Targets
-
-
Target
file.exe
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-