General
-
Target
file.exe
-
Size
221KB
-
Sample
221003-hsnjmacda7
-
MD5
811fa27a6e376b8f79abf5a483fa626a
-
SHA1
0bc1893901f7d815c99f84b6d6026fc902f2926a
-
SHA256
d2deaae72a5f7ef69dd3e8b0cc2d3cff7cd2b75cc5010a7c48712cc2ee1ed328
-
SHA512
48591d673ac0a2c6825fdabd472dc6ff559e3dacd8f61c20d54b84a963550b4f3e0d96cc8793249fe605f09aed088eca5301ea5ad8a184e30db3a21fb829dfb4
-
SSDEEP
3072:jhZmqORjkaK7C/aQThJ/HXjAxsM590j/sPJ6ZQu/CmDEwPg:jWP/aQNlTw159wFc
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
nymaim
208.67.104.97
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
221KB
-
MD5
811fa27a6e376b8f79abf5a483fa626a
-
SHA1
0bc1893901f7d815c99f84b6d6026fc902f2926a
-
SHA256
d2deaae72a5f7ef69dd3e8b0cc2d3cff7cd2b75cc5010a7c48712cc2ee1ed328
-
SHA512
48591d673ac0a2c6825fdabd472dc6ff559e3dacd8f61c20d54b84a963550b4f3e0d96cc8793249fe605f09aed088eca5301ea5ad8a184e30db3a21fb829dfb4
-
SSDEEP
3072:jhZmqORjkaK7C/aQThJ/HXjAxsM590j/sPJ6ZQu/CmDEwPg:jWP/aQNlTw159wFc
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-