General

  • Target

    file.exe

  • Size

    359KB

  • Sample

    220928-3lkjlsadgj

  • MD5

    307d835b5bc1b21bffb38a0105c527f3

  • SHA1

    5e18c5195a9c370f3a4853e889b1bd231a16c284

  • SHA256

    e8bf7755879b56fa7facf7d04e3121ed31be9993e375e702bfd277df6ed16c44

  • SHA512

    3bf45813b076208a1da32e15a523316c0998b9b498ffff2b4d1cbe8525cd039403acf744249fc54dbd04f33f760e383cb38fbe678768b6c1fe52287d01661109

  • SSDEEP

    6144:6JzucH6AwlzmzLrVlBfF/2oblxxRK8WRyPpiga3wVfg:6tsAwl6rRfF/XxRhDPMp

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6