General
Target: file.exe
Size: 221KB
Sample: 221003-hgxcdsddbm
MD5: 4dc32c4fa750b2d490db3945f2ab1831
SHA1: efa9046482328b18a1d611cacfb3c3eab0d4f4a4
SHA256: 6711fd5ab13a342506a8241edd3eb1bd24cc5299e69bd730388a451aa5ec40c5
SHA512: 30f8f404b72892033a974c83bb83bcedcdf0c3dc0a2610dd79995683d65ee3b8523c791887709ff41d4cc58aea1ef92f3ed89e760978f840e3659b890446f91b
SSDEEP: 3072:USgFOR/UUc/+AZ4H5eNfRrDlHaZafFoj8HLzwiZTjeCvv2fVpAVlUrzOpldFv6R/:JnSea5fYVj8HLzwu1vv27AVIOp7Fvu/
Tasks
Static task: static1
Behavioral task: behavioral1 (sample file.exe, resource win7-20220812-en)
Malware Config
Extracted family: nymaim
C2 addresses: 208.67.104.97, 85.31.46.167
Targets
Target: file.exe (221KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures:
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable: AutoIT scripts compiled to PE executables.
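The signatures above and the two extracted C2 addresses are what an analyst would turn into detection logic. The following is an added example, not part of the sandbox output: it replays a constructed behavioural trace (one JSON event per line, with ts/pid/image/op fields invented for this illustration) and re-derives four of the report's signatures plus C2 contact. The registry value it watches, HKCU\Control Panel\International\Geo\Nation, is where Windows keeps the user's configured home location (GeoID); that path is the editor's assumption about what "looks up country code configured in the registry" refers to, not something the report states. Only the sample and the processes it spawns are considered, so a shell process reading the same value is not flagged.

```python
"""Re-derive the report's signatures from a constructed sandbox trace.

Added example, not part of the sandbox report.  The event format and the
log lines are constructed; the C2 addresses are the ones extracted from
the nymaim config in the report above.
"""
import json
import re

# Indicator from the report: C2 addresses extracted from the nymaim config.
NYMAIM_C2 = {"208.67.104.97", "85.31.46.167"}

# Assumption: the geofence check reads the configured home location (GeoID).
GEO_NATION_RE = re.compile(
    r"Control Panel\\International\\Geo\\Nation$", re.IGNORECASE
)

SAMPLE_IMAGE = r"C:\Users\user\file.exe"

# Constructed events, in the order a behavioural trace would record them.
# Event 5 (explorer.exe reading Geo\Nation) is benign noise and must not fire.
SAMPLE_EVENTS = r"""
{"ts": 1, "pid": 1234, "image": "C:\\Users\\user\\file.exe", "op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"ts": 2, "pid": 1234, "image": "C:\\Users\\user\\file.exe", "op": "FileWrite", "path": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"}
{"ts": 3, "pid": 1234, "image": "C:\\Users\\user\\file.exe", "op": "CreateProcess", "target": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"}
{"ts": 4, "pid": 5678, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "op": "NetConnect", "dst": "208.67.104.97:80"}
{"ts": 5, "pid": 9999, "image": "C:\\Windows\\explorer.exe", "op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"ts": 6, "pid": 5678, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "op": "NetConnect", "dst": "93.184.216.34:443"}
{"ts": 7, "pid": 5678, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe", "op": "FileDelete", "path": "C:\\Users\\user\\file.exe"}
"""


def load_events(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyse(events, sample_image=SAMPLE_IMAGE, c2_addrs=NYMAIM_C2):
    """Return (signature, ts, detail) tuples in trace order.

    'suspect' is the sample plus every process it (transitively) spawns;
    events from any other image are ignored so that legitimate reads of the
    same registry value do not produce false positives.
    """
    suspect = {sample_image.lower()}
    dropped = set()  # files written by a suspect process
    findings = []
    for ev in events:
        if ev["image"].lower() not in suspect:
            continue
        op = ev["op"]
        if op == "RegQueryValue" and GEO_NATION_RE.search(ev["path"]):
            findings.append(("Checks computer location settings", ev["ts"], ev["path"]))
        elif op == "FileWrite":
            dropped.add(ev["path"].lower())
        elif op == "CreateProcess":
            target = ev["target"].lower()
            suspect.add(target)  # children join the suspect tree
            if target in dropped:
                findings.append(("Executes dropped EXE", ev["ts"], ev["target"]))
        elif op == "NetConnect":
            ip = ev["dst"].rsplit(":", 1)[0]  # strip the port
            if ip in c2_addrs:
                findings.append(("C2 contact (extracted config)", ev["ts"], ip))
        elif op == "FileDelete" and ev["path"].lower() == sample_image.lower():
            # The sample, or a process it spawned, removing the original binary.
            findings.append(("Deletes itself", ev["ts"], ev["path"]))
    return findings


if __name__ == "__main__":
    for sig, ts, detail in analyse(load_events(SAMPLE_EVENTS)):
        print(f"[ts={ts}] {sig}: {detail}")
```

Feeding a real trace through this requires only a converter from the sandbox's export format to the ts/pid/image/op fields; the process-tree filter is the part worth keeping, since the Geo\Nation value is read by plenty of legitimate software.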