General

  • Target

    file.exe

  • Size

    241KB

  • Sample

    220926-r1ageacccr

  • MD5

    f288f3774f523edbf11585a7430d058a

  • SHA1

    8e63f02ba1966566fdf425e556c4bf1d6f4b13a3

  • SHA256

    ffa60b84e4514cc69711ca0db1bf3afc622d4454cd648db3de33935a70e40906

  • SHA512

    f8cad1af1a0a6720ba4742170a9e8c2b5d9587daa2fb994bf52fadf05764eb7e5cb834103ec6a554c8209f65cc758807f73a572627e23498d92c61d9a4363d62

  • SSDEEP

    3072:AbKiTF5WQ1HWYh7w8Pc5xkfaNpamgH07pFupAcu6ivh7AovcxozIYCQg5BTD5B:/J4thM8PaM0pam/pFuJviNAovIZjQg

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks