General

  • Target

    file.exe

  • Size

    216KB

  • Sample

    220927-atg48sddap

  • MD5

    2b5cab78ddef9a073f3e67d6c232a3c0

  • SHA1

    05c883937fb2d3f590290c19e67650d7eb8f2fe9

  • SHA256

    98b43c36052580aff0d7bacae12ca45b01d5cf101629706120e86c9ef393c393

  • SHA512

    7ed1762f4dbf74a20f8a7fb68026da78297137ea4104f7998490d712b8ac15e8015a985faf7f64b50ca4d3ea6162496a7338268c23551b6fdd9b11c9a91141be

  • SSDEEP

    3072:xOQCTI5akzl06dzMUjC42+XVhl6iZb8CtyF45Pub5X+k39ZJhWJxQHmSJYoMkc78:xM8tdqi4tCtXAXh9MQHBPcp

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence (to avoid running in certain countries).

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
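The indicators this report exposes (the extracted NyMaim C2 addresses and the sample's file hashes) are what a responder would sweep for. The script below is an added example, not tria.ge's code or anything from the sample: it sanity-checks the report's hash values, computes the same four digests for a local file so a copy can be confirmed against all of them rather than MD5 alone, parses Sysmon-style Hashes fields from process-creation events, and flags connections to the listed C2 IPs. The Sysmon events and connection-log lines are constructed for the demo and their field layout is an assumption; the IOC values are copied from the report above.

```python
"""IOC sweep built from the tria.ge report above (added example; not tria.ge code).

Only indicators stated in the report are used: the extracted NyMaim C2
addresses and the sample's hashes. The log lines and Sysmon-style events
below are constructed for the demo; their field layouts are assumptions.
"""
import hashlib
import re

# Indicators copied from the report
C2_IPS = frozenset({"208.67.104.97", "85.31.46.167"})
SAMPLE_HASHES = {
    "MD5": "2b5cab78ddef9a073f3e67d6c232a3c0",
    "SHA1": "05c883937fb2d3f590290c19e67650d7eb8f2fe9",
    "SHA256": "98b43c36052580aff0d7bacae12ca45b01d5cf101629706120e86c9ef393c393",
    "SHA512": "7ed1762f4dbf74a20f8a7fb68026da78297137ea4104f7998490d712b8ac15e8"
              "015a985faf7f64b50ca4d3ea6162496a7338268c23551b6fdd9b11c9a91141be",
}
HEX_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def check_report_hashes(hashes=SAMPLE_HASHES):
    """Return the algorithms whose value is not lowercase hex of the right length.

    An empty list means the report's values are at least well-formed; a
    truncated or mis-pasted digest shows up here before it is used to hunt."""
    bad = []
    for algo, value in hashes.items():
        expected = HEX_LENGTHS.get(algo)
        if expected is None or len(value) != expected or not re.fullmatch(r"[0-9a-f]+", value):
            bad.append(algo)
    return bad


def hash_bytes(data):
    """Compute the same four digests tria.ge lists, for checking a local file."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
        "SHA512": hashlib.sha512(data).hexdigest(),
    }


def is_reported_sample(data):
    """True only if every digest of `data` matches the report, not just MD5."""
    return hash_bytes(data) == SAMPLE_HASHES


def parse_sysmon_hashes(field):
    """Parse a Sysmon 'Hashes' field ('SHA1=..,MD5=..,SHA256=..') into a dict."""
    out = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo and value:
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_process_events(events):
    """Return (Image, matching algorithms) for events whose hashes hit the sample."""
    hits = []
    for ev in events:
        seen = parse_sysmon_hashes(ev.get("Hashes", ""))
        matched = sorted(a for a, v in seen.items() if SAMPLE_HASHES.get(a) == v)
        if matched:
            hits.append((ev.get("Image", "?"), matched))
    return hits


# Destination field of the constructed connection-log format (assumed layout)
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3})\b")


def find_c2_connections(lines):
    """Return the log lines whose destination is one of the extracted C2 addresses."""
    return [line for line in lines
            if (m := DST_RE.search(line)) and m.group(1) in C2_IPS]


# Constructed sample telemetry (not real data)
SYSMON_EVENTS = [
    {"Image": r"C:\Users\victim\Downloads\file.exe",
     "Hashes": "SHA1=05c883937fb2d3f590290c19e67650d7eb8f2fe9,"
               "MD5=2b5cab78ddef9a073f3e67d6c232a3c0,"
               "SHA256=98b43c36052580aff0d7bacae12ca45b01d5cf101629706120e86c9ef393c393"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "Hashes": "MD5=00000000000000000000000000000000"},
]
CONN_LOG = [
    "2022-09-27T10:01:12Z src=10.0.0.5 dst=208.67.104.97 dport=80 proto=tcp",
    "2022-09-27T10:01:13Z src=10.0.0.5 dst=192.0.2.10 dport=443 proto=tcp",
    "2022-09-27T10:02:40Z src=10.0.0.7 dst=85.31.46.167 dport=80 proto=tcp",
]

if __name__ == "__main__":
    print("malformed report hashes:", check_report_hashes())
    print("process hits:", match_process_events(SYSMON_EVENTS))
    print("C2 hits:", find_c2_connections(CONN_LOG))
```

Matching on all four digests rather than MD5 alone matters for a report like this one: MD5 and SHA1 are listed for convenience, but the SHA256 is what to pivot on when sharing or blocking, and a collision-resistant digest is the only one that should drive an automated verdict.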

MITRE ATT&CK Enterprise v6

Tasks