General
-
Target
file.exe
-
Size
284KB
-
Sample
220925-ewcpradbh3
-
MD5
7c8fa3a31691bc212a3903c922efbabc
-
SHA1
7e5c6794c3973a4407574e3a29bd4a4200805f69
-
SHA256
7ed19db28d8c8a77f137e6e0cd14371e0983b41ebd310ef27f427ed82a2ad71e
-
SHA512
41ea1ce1bc14d607c71efa55917ddb3611bf518250298fc098bcebeb21af627bcb993e37688218a23cbd4feafeabee121f5382c16dd6715430005f551bc0e973
-
SSDEEP
3072:3d+gsLMzdt9gN5+zrb5NYL2ae/XXbjcvoDxjHbP1PKYjZoVhawPCJTgXUBV8/Pkw:sLwX/1NYa/Xbjcv+JbP1PfloVhLPC
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
nymaim
208.67.104.97
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
284KB
-
MD5
7c8fa3a31691bc212a3903c922efbabc
-
SHA1
7e5c6794c3973a4407574e3a29bd4a4200805f69
-
SHA256
7ed19db28d8c8a77f137e6e0cd14371e0983b41ebd310ef27f427ed82a2ad71e
-
SHA512
41ea1ce1bc14d607c71efa55917ddb3611bf518250298fc098bcebeb21af627bcb993e37688218a23cbd4feafeabee121f5382c16dd6715430005f551bc0e973
-
SSDEEP
3072:3d+gsLMzdt9gN5+zrb5NYL2ae/XXbjcvoDxjHbP1PKYjZoVhawPCJTgXUBV8/Pkw:sLwX/1NYa/Xbjcv+JbP1PfloVhLPC
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-