General
Target: file.exe
Size: 220KB
Sample: 221003-jfs41sfadn
MD5: 5ad8f4a88035e5e94787e34004b0e58c
SHA1: 998908ccbf798430c268c4f4ff2fd5c8db07c142
SHA256: 5d59918ce4a82077f71fa248bf45aea8b1937adbbafd5cf0d1c518799007acfb
SHA512: 5b6945ac9c6f961fa289fb31b198a5a651c72b139f76b708fdb98c1eedc0df9eb5368f87f573254d0a1f7051f333dd6143a5e0672cf1d1c5a82dd416fb1e6a24
SSDEEP: 3072:9BbhegORVLV/xlGqg56+Ua3WWakts8DH/RMt03IXCmYvRGe31kntVP+paM5utMHl:9ehJl0GaNDhetEyCHvRGeFwPBIuS
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en
Malware Config
Extracted
nymaim
208.67.104.97
85.31.46.167
Targets
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
AutoIT Executable: AutoIT scripts compiled to PE executables.